Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2024-06649

Опубликовано: 12 авг. 2024
Источник: fstec
CVSS3: 4.8
CVSS2: 4.3
EPSS Низкий

Описание

Уязвимость функции cfg_mark_ports() DNS-сервера Unbound связана с ошибками переполнения буфера кучи. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, вызвать отказ в обслуживании или несанкционированные действия в системе

Вендор

Red Hat Inc.
Сообщество свободного программного обеспечения
ООО «Ред Софт»
ООО «РусБИТех-Астра»
Stichting NLnet Labs

Наименование ПО

Red Hat Enterprise Linux
OpenShift Container Platform
Debian GNU/Linux
РЕД ОС
Astra Linux Special Edition
Red Hat OpenStack Platform
Unbound

Версия ПО

8 (Red Hat Enterprise Linux)
4 (OpenShift Container Platform)
11 (Debian GNU/Linux)
12 (Debian GNU/Linux)
7.3 (РЕД ОС)
1.7 (Astra Linux Special Edition)
9 (Red Hat Enterprise Linux)
16.2 (Red Hat OpenStack Platform)
17.1 (Red Hat OpenStack Platform)
от 1.19.0 до 1.20.0rc1 (Unbound)
18.0 (Red Hat OpenStack Platform)

Тип ПО

Операционная система
Прикладное ПО информационных систем
ПО программно-аппаратного средства
ПО сетевого программно-аппаратного средства

Операционные системы и аппаратные платформы

ООО «Ред Софт» РЕД ОС 7.3
ООО «РусБИТех-Астра» Astra Linux Special Edition 1.7

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 4,3)
Средний уровень опасности (базовая оценка CVSS 3.0 составляет 4,8)

Возможные меры по устранению уязвимости

Для Unbound:
https://github.com/NLnetLabs/unbound/commit/193401e7543a1e561dd634a3eaae932fa462a2b9
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-43168
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2024-43168
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 7%
0.00031
Низкий

4.8 Medium

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2024-43168

CVSS3: 4.8
ubuntu
11 месяцев назад

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.

redhat логотип

CVE-2024-43168

CVSS3: 4.8
redhat
11 месяцев назад

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.

nvd логотип

CVE-2024-43168

CVSS3: 4.8
nvd
11 месяцев назад

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.

msrc логотип

CVE-2024-43168

CVSS3: 4.8
msrc
10 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-43168

CVSS3: 4.8
debian
11 месяцев назад

DISPUTE NOTE: this issue does not pose a security risk as it (accordin ...

EPSS

Процентиль: 7%
0.00031
Низкий

4.8 Medium

CVSS3

4.3 Medium

CVSS2