
CVE-2024-33655 (High) detected in multiple libraries

Open mend-bolt-for-github[bot] opened this issue 1 year ago • 11 comments

CVE-2024-33655 - High Severity Vulnerability

Vulnerable Libraries - src3.1.5, src3.1.5, src3.1.5, src3.1.5

Vulnerability Details

The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.

Publish Date: 2024-06-06

URL: CVE-2024-33655

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2024-06-09

Fix Resolution: release-1.20.0

