CVE-2024-43167

Name: CVE-2024-43167
Description: DISPUTE NOTE: this issue does not pose a security risk as it (accordin ...
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-3903-1
Debian Bugs: 1078647

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| unbound (PTS) | bullseye | 1.13.1-1+deb11u2 | vulnerable |
| | bullseye (security) | 1.13.1-1+deb11u7 | fixed |
| | bookworm | 1.17.1-2+deb12u4 | fixed |
| | bookworm (security) | 1.17.1-2+deb12u3 | fixed |
| | trixie (security), trixie | 1.22.0-2+deb13u1 | fixed |
| | forky, sid | 1.24.2-1 | fixed |

The information below is based on the following data on fixed versions.

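| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| unbound | source | bullseye | 1.13.1-1+deb11u3 | | DLA-3903-1 | |
| unbound | source | bookworm | 1.17.1-2+deb12u3 | | | |
| unbound | source | (unstable) | 1.21.1-1 | unimportant | | 1078647 |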

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=2303456
https://github.com/NLnetLabs/unbound/issues/1072
https://github.com/NLnetLabs/unbound/pull/1073
Fixed by: https://github.com/NLnetLabs/unbound/commit/8e43e2574c4e02f79c562a061581cdcefe136912 (release-1.21.0rc1)
Follow-up: https://github.com/NLnetLabs/unbound/commit/86ee8ccd121d6ad2db41e065b7d5e63605a324b2 (release-1.21.0rc1)
Follow-up: https://github.com/NLnetLabs/unbound/commit/d149e755fd0b961fe6f0710ae88e7b2fa1662310 (release-1.21.0rc1)
Regression: https://github.com/NLnetLabs/unbound/commit/db1167c8b38daf2a4352ba3e4e6d54740e999d29 (release-1.22.0rc1)
Negligible security impact according to upstream
