High severity8.0NVD Advisory· Published Feb 15, 2024· Updated Jun 17, 2026
CVE-2024-1488
CVE-2024-1488
Description
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords4 versionspkg:rpm/almalinux/python3-unboundpkg:rpm/almalinux/unboundpkg:rpm/almalinux/unbound-develpkg:rpm/almalinux/unbound-libs
< 1.16.2-3.el9_3.5+ 3 more
- (no CPE)range: < 1.16.2-3.el9_3.5
- (no CPE)range: < 1.16.2-3.el9_3.5
- (no CPE)range: < 1.16.2-3.el9_3.5
- (no CPE)range: < 1.16.2-3.el9_3.5
Patches
Vulnerability mechanics
References
11- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatch
- access.redhat.com/errata/RHSA-2024:1750nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2024:1751nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2024:1780nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2024:1801nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2024:1802nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2024:1804nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2024:2587nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2024:2696nvdThird Party Advisory
- access.redhat.com/security/cve/CVE-2024-1488nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:0837nvd
News mentions
0No linked articles in our index yet.