How severe is CVE-2024-8508?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-8508?

This is classified as CWE-606, which is a common weakness in software security.

CVE-2024-8508

MEDIUM Year: 2024

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-606

View all →

Vulnerability Description

NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.

CVE-2023-3446

MEDIUM

CVSS:5.3(Medium)

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH k...

CWE-6062023

CVE-2023-3817

MEDIUM

CVSS:5.3(Medium)

CWE-6062023

CVE-2023-5678

MEDIUM

CVSS:5.3(Medium)

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key(...

CWE-6062023

CVE-2024-4603

MEDIUM

CVSS:5.3(Medium)

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA p...

CWE-6062024

CVE-2024-13930

MEDIUM

CVSS:4.9(Medium)

An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised This issue affects ASPECT-Enterpr...

CWE-6062024

CVE-2023-6237

MEDIUM

CVSS:5.9(Medium)

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experienc...

CWE-6062023

CVE-2024-8508

Vulnerability Description

Related Vulnerabilities

CVE-2023-3446

CVE-2023-3817

CVE-2023-5678

CVE-2024-4603

CVE-2024-13930

CVE-2023-6237