Untriaged
Permalink
CVE-2024-8418
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service
A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They contain a denial of service vulnerability due to serial processing of TCP DNS queries. This flaw allows a malicious client to keep a TCP connection open indefinitely, causing other DNS queries to time out and resulting in a denial of service for all other containers using aardvark-dns.
References
- RHBZ#2309683 issue-tracking x_refsource_REDHAT
- https://github.com/containers/aardvark-dns/issues/500
- https://github.com/containers/aardvark-dns/pull/503
- https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
- https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
- RHBZ#2309683 issue-tracking x_refsource_REDHAT
- https://github.com/containers/aardvark-dns/issues/500
- https://github.com/containers/aardvark-dns/pull/503
- https://github.com/containers/aardvark-dns/pull/503
- https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
- RHBZ#2309683 issue-tracking x_refsource_REDHAT
- https://github.com/containers/aardvark-dns/issues/500
- RHBZ#2309683 issue-tracking x_refsource_REDHAT
- https://github.com/containers/aardvark-dns/issues/500
- https://github.com/containers/aardvark-dns/pull/503
- RHSA-2025:7094 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
- RHSA-2025:7094 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
- RHBZ#2309683 issue-tracking x_refsource_REDHAT
- https://github.com/containers/aardvark-dns/issues/500
- https://github.com/containers/aardvark-dns/pull/503
- https://github.com/containers/aardvark-dns/issues/500
- https://github.com/containers/aardvark-dns/pull/503
- RHSA-2025:7094 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
- RHBZ#2309683 issue-tracking x_refsource_REDHAT
- RHSA-2025:7094 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
- RHBZ#2309683 issue-tracking x_refsource_REDHAT
- https://github.com/containers/aardvark-dns/issues/500
- https://github.com/containers/aardvark-dns/pull/503
- RHSA-2025:7094 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
- RHBZ#2309683 issue-tracking x_refsource_REDHAT
- https://github.com/containers/aardvark-dns/issues/500
- https://github.com/containers/aardvark-dns/pull/503
Affected products
rhcos
aardvark-dns
- *
containers-common
containers/aardvark-dns
- ==1.12.0
- ==1.12.1
container-tools:rhel8/aardvark-dns
container-tools:rhel8/containers-common
Matching in nixpkgs
pkgs.aardvark-dns
Authoritative dns server for A/AAAA container records
-
nixos-unstable -
- nixpkgs-unstable 1.16.0
Package maintainers
-
@vdemeester Vincent Demeester <vincent@sbr.pm>
-
@saschagrunert Sascha Grunert <mail@saschagrunert.de>