Key Information

1. Vulnerability ID:
- CVE-2024-43168

2. Release Date:
- August 7, 2024

3. Last Updated:
- August 8, 2024

4. Severity:
- Low

5. Description:
- A heap buffer overflow was discovered in a function of Unbound, potentially leading to memory corruption. An attacker with local access could supply specially crafted input, causing the application to crash or possibly enabling arbitrary code execution. This could result in denial of service or unauthorized operations.

6. Mitigations:
- No mitigation is currently available that meets Red Hat Product Security's standards.

7. Affected Packages and Red Hat Security Patches:
- Multiple Red Hat products and services are affected, including Red Hat Enterprise Linux 6, 7, 8 and 9, Red Hat OpenShift Container Platform 4, and Red Hat OpenStack Platform 16.2, 17.1 and 18.0.

8. CVSS Score:
- CVSS v3 Base Score: 4.8
- CVSS v3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
- The vector encodes the attack described above: local access (AV:L), low privileges (PR:L), user interaction required (UI:R), and low impact on confidentiality, integrity and availability. A base score of 4.8 falls in the CVSS "Medium" band; the "Low" rating under Severity is Red Hat's own assessment, which is assigned independently of the CVSS bands.

9. Frequently Asked Questions:
- Why does Red Hat's CVSS v3 score or impact differ from other vendors?
- My product is listed as "under investigation" or "affected." When will Red Hat release a fix?
- If my product is listed as "unfixable," what should I do?
- What are mitigations?
- I have a Red Hat product, but it's not listed above. Is it affected?
- Why does my security scanner report that my product is affected by this vulnerability, even though my product version is patched or unaffected?
- My product is listed as "out of support." What does that mean?

Additional Information

External References:
- Detailed information on CVE-2024-43168
- NVD details
- Relevant code and patches on GitHub

Disclaimer:
- This page is automatically generated and has not been checked for errors or omissions.
- For clarifications or corrections, contact the Red Hat Product Security team.

Copyright:
- CVE description copyright © 2021