Skip to main content
Version: latest

CVE-2024-1737

CVE Details

CVE-2024-1737

Last Update

10/10/24

NIST CVE Summary

Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Our Official Summary

This vulnerability can be exploited if resolver caches and authoritative zone databases hold significant numbers of RRs for the same hostname (of any RTYPE). Services will suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. In order to exploit this vulenerability, image in which this cve is reported has to be compromised and hacker has to gain privileged access. There are sufficient controls in place to consider the probability of occurence as low. There is a fix available upstream and we are investigating upgrading to the fixed version.

CVE Severity

7.5

Status

Ongoing

Affected Products & Versions

  • Palette VerteX airgap 4.4.14, 4.4.18
  • Palette Enterprise airgap 4.4.18, 4.5.3
  • Palette Enterprise 4.5.3

Revision History

  • 1.0 08/16/2024 Initial Publication
  • 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
  • 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
  • 4.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3
  • 5.0 10/14/2024 Added Palette Enterprise 4.5.3 to Affected Products