Skip to main content
Version: latest

CVE-2024-0760

CVE Details

Visit the official vulnerability details page for CVE-2024-0760 to learn more.

Initial Publication

11/13/2024

Last Update

12/13/2024

Third Party Dependency

bind-libs

NIST CVE Summary

A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.

CVE Severity

7.5

Our Official Summary

A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. In order to exploit this vulnerability, image in which this cve is reported has to be compromised and hacker has to gain privileged access. There are sufficient controls in place to consider the probability of occurrence as low. There is a fix available upstream and we are investigating upgrading to the fixed version.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.5.5⚠️ Impacted⚠️ Impacted✅ No Impact✅ No Impact
4.5.4⚠️ Impacted⚠️ Impacted✅ No Impact✅ No Impact
4.4.20⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted

Revision History

DateRevision