{"id":"CVE-2024-1488","details":"A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.","modified":"2026-05-04T08:46:01.720436Z","published":"2024-02-15T05:15:10.257Z","withdrawn":"2026-05-04T08:46:01.720436Z","related":["ALSA-2024:1750","ALSA-2024:1751","ALSA-2025:0837"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1780"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1801"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2587"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2696"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:0837"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2024-1488"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1750"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1751"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1802"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1804"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2264183"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1488.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.19.1-2.fc40"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2"}]},{"events":[{"introduced":"0"},{"last_affected":"9.4"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0_aarch64"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2_aarch64"}]},{"events":[{"introduced":"0"},{"last_affected":"9.4_aarch64"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"9.4_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2"}]},{"events":[{"introduced":"0"},{"last_affected":"9.4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0_aarch64"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0_aarch64"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2_aarch64"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6_aarch64"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8_aarch64"}]},{"events":[{"introduced":"0"},{"last_affected":"9.4_aarch64"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"9.4_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"9.4_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2"}]},{"events":[{"introduced":"0"},{"last_affected":"9.4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"9.4_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H"}]}