ISHACK AI BOT

Red Hat JBossEAP: Other (CVE-2024-47855) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 10/04/2024 Created 02/07/2025 Added 02/06/2025 Modified 02/06/2025 Description util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2024-47855 CVE - 2024-47855 https://access.redhat.com/security/cve/CVE-2024-47855 https://bugzilla.redhat.com/show_bug.cgi?id=2316421 https://github.com/advisories/GHSA-wwcp-26wc-3fxm https://github.com/kordamp/json-lib/commit/a0c4a0eae277130e22979cf307c95dec4005a78e https://github.com/kordamp/json-lib/compare/v3.0.3...v3.1.0

Debian: CVE-2024-9369: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/04/2024 Created 10/05/2024 Added 10/04/2024 Modified 01/28/2025 Description Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-9369 CVE - 2024-9369 DSA-5781-1

Debian: CVE-2024-7025: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/04/2024 Created 10/05/2024 Added 10/04/2024 Modified 01/28/2025 Description Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-7025 CVE - 2024-7025 DSA-5781-1

Debian: CVE-2024-8927: php7.4, php8.2 -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/04/2024 Created 10/05/2024 Added 10/04/2024 Modified 01/28/2025 Description In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. Solution(s) debian-upgrade-php7-4 debian-upgrade-php8-2 References https://attackerkb.com/topics/cve-2024-8927 CVE - 2024-8927 DSA-5780-1

Debian: CVE-2024-8925: php7.4, php8.2 -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 10/04/2024 Created 10/05/2024 Added 10/04/2024 Modified 01/28/2025 Description In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. Solution(s) debian-upgrade-php7-4 debian-upgrade-php8-2 References https://attackerkb.com/topics/cve-2024-8925 CVE - 2024-8925 DSA-5780-1

Debian: CVE-2024-8926: php8.2 -- security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 10/04/2024 Created 10/05/2024 Added 10/04/2024 Modified 01/30/2025 Description In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. Solution(s) debian-upgrade-php8-2 References https://attackerkb.com/topics/cve-2024-8926 CVE - 2024-8926 DSA-5780-1

Amazon Linux 2023: CVE-2024-47850: Medium priority package update for cups-filters Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/04/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.) A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added. Solution(s) amazon-linux-2023-upgrade-cups-filters amazon-linux-2023-upgrade-cups-filters-debuginfo amazon-linux-2023-upgrade-cups-filters-debugsource amazon-linux-2023-upgrade-cups-filters-devel amazon-linux-2023-upgrade-cups-filters-libs amazon-linux-2023-upgrade-cups-filters-libs-debuginfo References https://attackerkb.com/topics/cve-2024-47850 CVE - 2024-47850 https://alas.aws.amazon.com/AL2023/ALAS-2024-723.html

Red Hat: CVE-2024-47850: cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/04/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/07/2024 Description CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.) Solution(s) redhat-upgrade-cups-filters redhat-upgrade-cups-filters-debuginfo redhat-upgrade-cups-filters-debugsource redhat-upgrade-cups-filters-devel redhat-upgrade-cups-filters-libs redhat-upgrade-cups-filters-libs-debuginfo References CVE-2024-47850 RHSA-2024:7462 RHSA-2024:7463 RHSA-2024:7503

Debian: CVE-2024-47913: mediawiki -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/04/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/07/2024 Description An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter. Solution(s) debian-upgrade-mediawiki References https://attackerkb.com/topics/cve-2024-47913 CVE - 2024-47913 DSA-5785-1

Ubuntu: (CVE-2024-47850): cups-browsed vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/04/2024 Created 11/21/2024 Added 11/19/2024 Modified 11/19/2024 Description CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.) Solution(s) ubuntu-pro-upgrade-cups-browsed ubuntu-pro-upgrade-cups-filters References https://attackerkb.com/topics/cve-2024-47850 CVE - 2024-47850 https://github.com/OpenPrinting/cups https://github.com/advisories/GHSA-phc2-g348-384g https://ubuntu.com/blog/cups-remote-code-execution-vulnerability-fix-available https://ubuntu.com/security/notices/USN-7042-1 https://ubuntu.com/security/notices/USN-7043-1 https://ubuntu.com/security/notices/USN-7043-2 https://ubuntu.com/security/notices/USN-7043-3 https://www.akamai.com/blog/security-research/october-cups-ddos-threat https://www.cve.org/CVERecord?id=CVE-2024-47850 https://www.openwall.com/lists/oss-security/2024/10/04/1 View more

Microsoft Edge Chromium: CVE-2024-9369 Insufficient data validation in Mojo Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/04/2024 Created 10/05/2024 Added 10/04/2024 Modified 01/28/2025 Description Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-9369 CVE - 2024-9369 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9369

Microsoft Edge Chromium: CVE-2024-9370 Inappropriate implementation in V8 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/04/2024 Created 10/05/2024 Added 10/04/2024 Modified 10/07/2024 Description This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com">Google Chrome Releases</a> for more information. Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-9370 CVE - 2024-9370 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9370

Amazon Linux 2023: CVE-2024-8508: Medium priority package update for unbound Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 10/03/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. A flaw was found in Unbound which can lead to degraded performance and an eventual denial of service when handling replies with very large RRsets that require name compression to be applied. Versions prior to 1.21.1 do not have a hard limit on the number of name compression calculations that Unbound can perform per packet, meaning that if a specially crafted query is passed for the contents of a malicious zone with very large RRsets, Unbound may spend a considerable amount of time applying name compression to downstream replies, locking the CPU until the whole packet has been processed. Solution(s) amazon-linux-2023-upgrade-python3-unbound amazon-linux-2023-upgrade-python3-unbound-debuginfo amazon-linux-2023-upgrade-unbound amazon-linux-2023-upgrade-unbound-anchor amazon-linux-2023-upgrade-unbound-anchor-debuginfo amazon-linux-2023-upgrade-unbound-debuginfo amazon-linux-2023-upgrade-unbound-debugsource amazon-linux-2023-upgrade-unbound-devel amazon-linux-2023-upgrade-unbound-libs amazon-linux-2023-upgrade-unbound-libs-debuginfo amazon-linux-2023-upgrade-unbound-utils amazon-linux-2023-upgrade-unbound-utils-debuginfo References https://attackerkb.com/topics/cve-2024-8508 CVE - 2024-8508 https://alas.aws.amazon.com/AL2023/ALAS-2024-719.html

Huawei EulerOS: CVE-2024-8508: unbound security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 10/03/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. Solution(s) huawei-euleros-2_0_sp11-upgrade-python3-unbound huawei-euleros-2_0_sp11-upgrade-unbound huawei-euleros-2_0_sp11-upgrade-unbound-libs References https://attackerkb.com/topics/cve-2024-8508 CVE - 2024-8508 EulerOS-SA-2024-2988

Red Hat: CVE-2024-8508: unbound: Unbounded name compression could lead to Denial of Service (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 10/03/2024 Created 02/04/2025 Added 02/03/2025 Modified 02/10/2025 Description NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. Solution(s) redhat-upgrade-python3-unbound redhat-upgrade-python3-unbound-debuginfo redhat-upgrade-unbound redhat-upgrade-unbound-debuginfo redhat-upgrade-unbound-debugsource redhat-upgrade-unbound-devel redhat-upgrade-unbound-libs redhat-upgrade-unbound-libs-debuginfo References CVE-2024-8508 RHSA-2024:11170 RHSA-2024:11232 RHSA-2025:0837

Alpine Linux: CVE-2024-25590: Vulnerability in Multiple Components Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/03/2024 Created 10/12/2024 Added 10/10/2024 Modified 10/10/2024 Description An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. Solution(s) alpine-linux-upgrade-pdns-recursor References https://attackerkb.com/topics/cve-2024-25590 CVE - 2024-25590 https://security.alpinelinux.org/vuln/CVE-2024-25590

SUSE: CVE-2024-9313: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/03/2024 Created 01/01/2025 Added 12/31/2024 Modified 12/31/2024 Description Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. Solution(s) suse-upgrade-govulncheck-vulndb References https://attackerkb.com/topics/cve-2024-9313 CVE - 2024-9313

Debian: CVE-2024-36474: libgsf -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/03/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/28/2025 Description An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Solution(s) debian-upgrade-libgsf References https://attackerkb.com/topics/cve-2024-36474 CVE - 2024-36474 DSA-5786-1

Oracle WebLogic: CVE-2024-47554 : Critical Patch Update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/03/2024 Created 01/23/2025 Added 01/21/2025 Modified 01/21/2025 Description Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue. Solution(s) oracle-weblogic-jan-2025-cpu-12_2_1_4_0 oracle-weblogic-jan-2025-cpu-14_1_1_0_0 oracle-weblogic-jan-2025-cpu-14_1_2_0_0 References https://attackerkb.com/topics/cve-2024-47554 CVE - 2024-47554 http://www.oracle.com/security-alerts/cpujan2025.html https://support.oracle.com/rs?type=doc&id=3064245.2

Debian: CVE-2024-25590: pdns-recursor -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/03/2024 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. Solution(s) debian-upgrade-pdns-recursor References https://attackerkb.com/topics/cve-2024-25590 CVE - 2024-25590 DSA-5852-1

Red Hat OpenShift: CVE-2024-8508: unbound: Unbounded name compression could lead to Denial of Service Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 10/03/2024 Created 01/17/2025 Added 01/16/2025 Modified 02/13/2025 Description NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. Solution(s) linuxrpm-upgrade-rhcos References https://attackerkb.com/topics/cve-2024-8508 CVE - 2024-8508 RHSA-2024:11170 RHSA-2024:11232 RHSA-2025:0140 RHSA-2025:0837 RHSA-2025:1120

Alma Linux: CVE-2024-8508: Important: unbound security update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 10/03/2024 Created 12/24/2024 Added 12/24/2024 Modified 02/03/2025 Description NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. Solution(s) alma-upgrade-python3-unbound alma-upgrade-unbound alma-upgrade-unbound-devel alma-upgrade-unbound-libs References https://attackerkb.com/topics/cve-2024-8508 CVE - 2024-8508 https://errata.almalinux.org/8/ALSA-2025-0837.html https://errata.almalinux.org/9/ALSA-2024-11232.html

Gentoo Linux: CVE-2024-42415: libgsf: Multiple Vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/03/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Solution(s) gentoo-linux-upgrade-gnome-extra-libgsf References https://attackerkb.com/topics/cve-2024-42415 CVE - 2024-42415 202501-07

Alpine Linux: CVE-2024-8508: Vulnerability in Multiple Components Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 10/03/2024 Created 10/12/2024 Added 10/10/2024 Modified 10/10/2024 Description NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. Solution(s) alpine-linux-upgrade-unbound References https://attackerkb.com/topics/cve-2024-8508 CVE - 2024-8508 https://security.alpinelinux.org/vuln/CVE-2024-8508

Huawei EulerOS: CVE-2024-8508: unbound security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 10/03/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. Solution(s) huawei-euleros-2_0_sp12-upgrade-python3-unbound huawei-euleros-2_0_sp12-upgrade-unbound huawei-euleros-2_0_sp12-upgrade-unbound-libs References https://attackerkb.com/topics/cve-2024-8508 CVE - 2024-8508 EulerOS-SA-2024-2959