Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-24788

Опубликовано: 08 мая 2024
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
cert-manager Operator for Red Hat OpenShiftcert-manager/cert-manager-operator-rhel9Not affected
Cost Management Metrics Operatorcostmanagement-metrics-operator-containerAffected
Cryostat 2cryostat-20-tech-preview/cryostat-rhel8-operatorAffected
Custom Metric Autoscaler operator for Red Hat Openshiftcustom-metrics-autoscaler/custom-metrics-autoscaler-rhel8Not affected
Fence Agents Remediation Operatorworkload-availability/fence-agents-remediation-rhel8-operatorWill not fix
Logging Subsystem for Red Hat OpenShiftopenshift-logging/logging-loki-rhel9Not affected
Logical Volume Manager Storagelvms4/topolvm-rhel9Will not fix
Machine Deletion Remediation Operatorworkload-availability/machine-deletion-remediation-rhel8-operatorAffected
Migration Toolkit for Applications 6mta/mta-hub-rhel9Will not fix
Migration Toolkit for Applications 7mta/mta-cli-rhel9Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=2279814golang: net: malformed DNS message can cause infinite loop

EPSS

Процентиль: 35%
0.00149
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-24788

CVSS3: 5.9
ubuntu
почти 2 года назад

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

nvd логотип

CVE-2024-24788

CVSS3: 5.9
nvd
почти 2 года назад

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

msrc логотип

CVE-2024-24788

CVSS3: 5.9
msrc
около 1 месяца назад

Malformed DNS message can cause infinite loop in net

debian логотип

CVE-2024-24788

CVSS3: 5.9
debian
почти 2 года назад

A malformed DNS message in response to a query can cause the Lookup fu ...

rocky логотип

RLSA-2024:9277

rocky
около 1 года назад

Moderate: oci-seccomp-bpf-hook security update

EPSS

Процентиль: 35%
0.00149
Низкий

7.5 High

CVSS3