SB20250328295 - Anolis OS update for grafana

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20250328295

SB20250328295 - Anolis OS update for grafana

Published: March 28, 2025

Security Bulletin ID SB20250328295
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2024-24788)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing DNS responses. A remote attacker can send a specially crafted DNS response to the application and cause denial of service conditions.


2) Input validation error (CVE-ID: CVE-2024-24789)

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to insufficient validation of user-supplied input in archive/zip when handling zip archives. A remote attacker can create a zip file with content that will vary depending on the implementation reading the file.


3) Input validation error (CVE-ID: CVE-2024-24790)

The vulnerability allows a remote attacker to modify application behavior.

The vulnerability exists due to improper handling of IPv4-mapped IPv6 addresses in net/netip within multiple methods, e.g. IsPrivate, IsLoopback. The affected methods return false for addresses which would return true in their traditional IPv4 forms, leading to potential bypass of implemented security features.


Remediation

Install update from vendor's website.

References