INFCSA-2024:9200: runc security update
Information about definition
Identificator: INFCSA-2024:9200
Type: security
Release date: 2025-09-24 19:52:12 UTC
Information about package
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Vulnerabilities description
- CVE-2024-24788
A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-24788
|
no information | 7.5 | no information |
Updated packages
Preparing to download...