CVE-2024-0760
CVE Details
Visit the official vulnerability details page for CVE-2024-0760 to learn more.
Initial Publication
10/25/2024
Last Update
12/13/2024
Third Party Dependency
bind-libs
NIST CVE Summary
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
CVE Severity
Our Official Summary
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. To exploit this vulnerability, the image in which this CVE is reported has to be compromised and the attacker has to gain privileged access. There are sufficient controls in place to consider the probability of occurrence as low. A fix is available upstream, and we are investigating upgrading to the fixed version.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.5.5 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
4.5.4 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
Revision History
Date | Revision |
---|---|
11/13/2024 | Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.4.20 |
10/27/2024 | Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5 |