CVE-2024-43167
Publication date 12 August 2024
Last updated 16 September 2024
Ubuntu priority
A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.
Status
Package | Ubuntu Release | Status |
---|---|---|
unbound | 24.04 LTS noble |
Fixed 1.19.2-1ubuntu3.2
|
22.04 LTS jammy |
Fixed 1.13.1-1ubuntu5.7
|
|
20.04 LTS focal |
Fixed 1.9.4-2ubuntu1.8
|
|
18.04 LTS bionic |
Fixed 1.6.7-1ubuntu2.6+esm2
|
|
16.04 LTS xenial |
Fixed 1.5.8-1ubuntu1.1+esm1
|
|
14.04 LTS trusty |
Fixed 1.4.22-1ubuntu4.14.04.3+esm1
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProReferences
Related Ubuntu Security Notices (USN)
- USN-6998-1
- Unbound vulnerabilities
- 11 September 2024