CVE-2024-1737
CVE Details
Visit the official vulnerability details page for CVE-2024-1737 to learn more.
Initial Publication
11/13/2024
Last Update
12/13/2024
Third Party Dependency
bind-libs
NIST CVE Summary
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
CVE Severity
Our Official Summary
This vulnerability can be exploited if resolver caches and authoritative zone databases hold significant numbers of RRs for the same hostname (of any RTYPE). Services will suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. In order to exploit this vulenerability, image in which this cve is reported has to be compromised and hacker has to gain privileged access. There are sufficient controls in place to consider the probability of occurence as low. There is a fix available upstream and we are investigating upgrading to the fixed version.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.5.5 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
| 4.5.4 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
| 4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
Revision History
| Date | Revision |
|---|