Insyde's Security Pledge
Recent Security Advisories
INSYDE-SA-2024010
Product
CVSS Score
Original Date
Last Revised
Supervyse
See in Description
2024-10-08
Summary
Upgrade BIND to v9.18.28.
Vulnerability Details
CVSS Vector: See in Description
Upgrade BIND to version 9.18.28 which addressed following vulnerabilities.
1. CVE-2024-0760
CVSS: 7.5
Malicious client may send DNS messages causing server instability.
2. CVE-2024-1737
CVSS: 7.5
IND’s database will be slow if a very large number of RRs exist at the same name.
3.CVE-2024-1975
CVSS: 7.5
Client can exhaust CPU resources.
4. CVE-2024-4076
CVSS: 7.5
Assertion failure when serving both stale cache data and authoritative zone content.
Solution Information
OPF: RV23.08 and after.
OPF: RV24.06 and after.
Acknowledgements
Revision History
Revision #
Date
Description
1
2024-10-08
Initial Release