CVE-2024-43168

4.8 MEDIUM

📋 TL;DR

This CVE describes a heap-buffer-overflow in Unbound's cfg_mark_ports function that can corrupt memory. The original developer (NLnet Labs) states that this does not pose a security risk and falls within expected functionality, while Red Hat maintains that it affects their products. If exploitable, it could allow a local attacker to crash Unbound or potentially execute arbitrary code.

💻 Affected Systems

Products:
  • Unbound DNS resolver
  • Red Hat products containing Unbound
Versions: Specific versions unclear due to dispute; check Red Hat advisories for affected versions.
Operating Systems: Linux distributions packaging Unbound (Red Hat, Debian, etc.)
Default Config Vulnerable: ✅ No
Notes: According to NLnet Labs, this is not a security vulnerability but expected behavior. Red Hat claims otherwise for their products. Requires local access to provide crafted input.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local attacker gains arbitrary code execution with Unbound's privileges, potentially leading to system compromise.

🟠 Likely Case: Application crash causing denial of service for DNS resolution services.

🟢 If Mitigated: No impact if Red Hat's claim is incorrect or if proper access controls prevent local attackers from interacting with Unbound configuration.

🌐 Internet-Facing: LOW - Requires local access according to description.
🏢 Internal Only: MEDIUM - Local attackers could potentially exploit this if they have access to Unbound configuration mechanisms.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to provide specially crafted input to Unbound configuration. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Red Hat security advisories for specific patched versions

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-43168

Restart Required: Yes

Instructions:

1. Check the Red Hat security advisory for affected versions.
2. Apply security updates: yum update unbound
3. Restart the Unbound service: systemctl restart unbound

🔧 Temporary Workarounds

Restrict local access (Linux)

Limit which users can interact with Unbound configuration files and processes:

  chmod 640 /etc/unbound/unbound.conf
  chown root:unbound /etc/unbound/unbound.conf

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local users from modifying Unbound configuration
  • Monitor Unbound processes for crashes or abnormal behavior

🔍 How to Verify

Check if Vulnerable:

Check whether you are running an affected Red Hat version with the vulnerable Unbound package: rpm -q unbound

Check Version:

rpm -q unbound --queryformat '%{VERSION}-%{RELEASE}\n'

Verify Fix Applied:

Verify that the updated package version matches Red Hat's patched version: rpm -q unbound

📡 Detection & Monitoring

Log Indicators:

  • Unbound process crashes
  • Segmentation fault errors in system logs
  • Abnormal termination of unbound service

Network Indicators:

  • DNS resolution failures from affected servers

SIEM Query:

process.name:"unbound" AND (event.action:"crashed" OR log.level:"error")

🔗 References