Skip to main content
Version: latest

CVE-2024-0760

CVE Details

CVE-2024-0760

Last Update

10/10/24

NIST CVE Summary

A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.

Our Official Summary

A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. In order to exploit this vulnerability, image in which this cve is reported has to be compromised and hacker has to gain privileged access. There are sufficient controls in place to consider the probability of occurrence as low. There is a fix available upstream and we are investigating upgrading to the fixed version.

CVE Severity

7.5

Status

Ongoing

Affected Products & Versions

  • Palette VerteX airgap 4.4.14, 4.4.18
  • Palette Enterprise airgap 4.4.18, 4.5.3
  • Palette Enterprise 4.5.3

Revision History

  • 1.0 08/16/2024 Initial Publication
  • 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
  • 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
  • 4.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3
  • 5.0 10/14/2024 Added Palette Enterprise 4.5.3 to Affected Products