Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2024-06648

Опубликовано: 12 авг. 2024
Источник: fstec
CVSS3: 2.8
CVSS2: 1.7
EPSS Низкий

Описание

Уязвимость функции ub_ctx_set_fwd() DNS-сервера Unbound связана с разыменованием указателя NULL. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, вызвать отказ в обслуживании

Вендор

Red Hat Inc.
Сообщество свободного программного обеспечения
ООО «Ред Софт»
ООО «РусБИТех-Астра»
Stichting NLnet Labs

Наименование ПО

Red Hat Enterprise Linux
OpenShift Container Platform
Debian GNU/Linux
РЕД ОС
Astra Linux Special Edition
Red Hat OpenStack Platform
Unbound

Версия ПО

8 (Red Hat Enterprise Linux)
4 (OpenShift Container Platform)
11 (Debian GNU/Linux)
12 (Debian GNU/Linux)
7.3 (РЕД ОС)
1.7 (Astra Linux Special Edition)
9 (Red Hat Enterprise Linux)
16.2 (Red Hat OpenStack Platform)
17.1 (Red Hat OpenStack Platform)
от 1.19.0 до 1.21.0rc1 (Unbound)
18.0 (Red Hat OpenStack Platform)

Тип ПО

Операционная система
Прикладное ПО информационных систем
ПО программно-аппаратного средства
ПО сетевого программно-аппаратного средства

Операционные системы и аппаратные платформы

Red Hat Inc. Red Hat Enterprise Linux 8
Сообщество свободного программного обеспечения Debian GNU/Linux 11
Сообщество свободного программного обеспечения Debian GNU/Linux 12
ООО «Ред Софт» РЕД ОС 7.3
ООО «РусБИТех-Астра» Astra Linux Special Edition 1.7
Red Hat Inc. Red Hat Enterprise Linux 9

Уровень опасности уязвимости

Низкий уровень опасности (базовая оценка CVSS 2.0 составляет 1,7)
Низкий уровень опасности (базовая оценка CVSS 3.0 составляет 2,8)

Возможные меры по устранению уязвимости

Для Unbound:
https://github.com/NLnetLabs/unbound/commit/8e43e2574c4e02f79c562a061581cdcefe136912
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-43167
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2024-43167
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 8%
0.00032
Низкий

2.8 Low

CVSS3

1.7 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2024-43167

CVSS3: 2.8
ubuntu
11 месяцев назад

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

redhat логотип

CVE-2024-43167

CVSS3: 2.8
redhat
11 месяцев назад

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

nvd логотип

CVE-2024-43167

CVSS3: 2.8
nvd
11 месяцев назад

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

msrc логотип

CVE-2024-43167

CVSS3: 2.8
msrc
9 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-43167

CVSS3: 2.8
debian
11 месяцев назад

DISPUTE NOTE: this issue does not pose a security risk as it (accordin ...

EPSS

Процентиль: 8%
0.00032
Низкий

2.8 Low

CVSS3

1.7 Low

CVSS2