CVE-2024-8418

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Sep 4, 2024
Updated: Sep 5, 2024
CWE ID 400

Summary

CVE-2024-8418 is a denial of service vulnerability identified in Aardvark-dns versions 1.12.0 and 1.12.1, affecting products such as yS-Kew and yVFap8. The vulnerability arises from the serial processing of TCP DNS queries, allowing an attacker to keep a TCP connection open indefinitely, which can lead to timeouts for other DNS queries and disrupt services for all containers utilizing Aardvark-dns. Remediation involves upgrading to a patched version of Aardvark-dns to mitigate the risk posed by this flaw. The vulnerability has a high severity rating with a CVSS score of 7.5, indicating significant potential availability impact without requiring user interaction or elevated privileges. Organizations utilizing affected versions should prioritize remediation to avoid potential service disruptions due to resource exhaustion.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share