VDB
RHSA-2024%3A4846
RHSA-2024%3A4846
PUBLISHED
CVSS 5.900000095367432 MEDIUM
The dnspython stub resolver is vulnerable to a denial of service (DoS) risk if an attacker sends a malicious response forged with the correct address and port before a legitimate one arrives on the UDP port used by dnspython for the query. In such cases, dnspython could either switch to another resolver or abandon the query altogether, potentially leading to service denial for that resolution.
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-ironic-agent-rhel9@sha256:6250f82b8659b04c17a3269eda6355f8ebd4812a48cbe044c10ca1b0f28a3dc7_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ironic-agent-rhel9@sha256:6250f82b8659b04c17a3269eda6355f8ebd4812a48cbe044c10ca1b0f28a3dc7_arm64 |
| Red Hat | openshift4/ose-cloud-credential-operator@sha256:5f8a3522b4945882267b8ffdc846e76fde187897987517e45437136d8660a0b0_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cloud-credential-operator@sha256:5f8a3522b4945882267b8ffdc846e76fde187897987517e45437136d8660a0b0_arm64 |
| Red Hat | openshift4/ose-ovn-kubernetes-rhel9@sha256:3c8ae70f28661716b55806b465244675273d71bcce8ff06d16c0df68e8c51807_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ovn-kubernetes-rhel9@sha256:3c8ae70f28661716b55806b465244675273d71bcce8ff06d16c0df68e8c51807_arm64 |
| Red Hat | openshift4/ose-agent-installer-node-agent-rhel8@sha256:594a8f1fc1fc6493e91a997fea13354a4d633d5e2d007e5ed449a3b1c83eb248_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-agent-installer-node-agent-rhel8@sha256:594a8f1fc1fc6493e91a997fea13354a4d633d5e2d007e5ed449a3b1c83eb248_s390x |
| Red Hat | openshift4/ose-agent-installer-api-server-rhel8@sha256:364bad05d2d9cc44ca8f8bc7922c6dc7c84f575e00a32dfdf31482c9ab8642d1_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/driver-toolkit-rhel9@sha256:e543e5df44872d4c489f6f1d692468cb64368750715bbf8d09512421a0381041_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/driver-toolkit-rhel9@sha256:e543e5df44872d4c489f6f1d692468cb64368750715bbf8d09512421a0381041_ppc64le |
| Red Hat | openshift4/ose-cluster-image-registry-operator@sha256:c73e40e970cb5715aba4f23e3f736ef0344c1438e7c291fdd6b28101020b28de_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-image-registry-operator@sha256:c73e40e970cb5715aba4f23e3f736ef0344c1438e7c291fdd6b28101020b28de_s390x |
| Red Hat | openshift4/ose-ovn-kubernetes@sha256:0ffefd7dd19da226874d5781d298cab1a0e8d232899689d4c5e180476d071154_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ovn-kubernetes@sha256:0ffefd7dd19da226874d5781d298cab1a0e8d232899689d4c5e180476d071154_s390x |
| Red Hat | openshift4/ose-machine-config-operator@sha256:7c5d18df7f5bb420694ccc9f477cec139a4e748e4cae6ff125aad7a48b3505b0_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-machine-config-operator@sha256:7c5d18df7f5bb420694ccc9f477cec139a4e748e4cae6ff125aad7a48b3505b0_ppc64le |
| Red Hat | openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8@sha256:7182cf52d61ea340b07d89fec08a6fc37b7715dae6f09642324f5fcd17ba7fdb_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8@sha256:7182cf52d61ea340b07d89fec08a6fc37b7715dae6f09642324f5fcd17ba7fdb_amd64 |
| Red Hat | openshift4/ose-agent-installer-node-agent-rhel8@sha256:faf25bce89bbf91446b1e9770bbb578af348571ddf0b5b3fd0ef37c6a771cb37_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-insights-rhel8-operator@sha256:fdf5f9f0ded2f510b36fbdc95bec2ccf49933eafdafe60f80896e86924ea86cc_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-ovn-kubernetes-rhel9@sha256:a36ffb3cf54a0db2826a71295e561bab17e4135f03b0eaa121ea11d380f921ca_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-cluster-image-registry-operator@sha256:43d74f04670fd1637a536fcc0208d528b36dff7e864d7eeb4d24bdc8f3af18bf_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-image-registry-operator@sha256:43d74f04670fd1637a536fcc0208d528b36dff7e864d7eeb4d24bdc8f3af18bf_ppc64le |
| Red Hat | openshift4/ose-ovn-kubernetes-rhel9@sha256:0ffefd7dd19da226874d5781d298cab1a0e8d232899689d4c5e180476d071154_s390x as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-insights-rhel8-operator@sha256:da42a09a3312a87aae063b1369e383db94d34380c1ec8c3019450d70ec55d782_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-insights-rhel8-operator@sha256:da42a09a3312a87aae063b1369e383db94d34380c1ec8c3019450d70ec55d782_ppc64le |
| Red Hat | openshift4/network-tools-rhel8@sha256:ed46d539379a93e74ee70d42fa9119a4f978173cbdf89432305fc724e338767d_s390x as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/network-tools-rhel8@sha256:23459e47a4b63d648b3297710bb0768ebcdb6bce17e1a9af1242a40861928023_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/network-tools-rhel8@sha256:23459e47a4b63d648b3297710bb0768ebcdb6bce17e1a9af1242a40861928023_amd64 |
| Red Hat | openshift4/ose-machine-config-operator@sha256:d6c477add74000ab226d344ddda2e40c64bd578ddf21614c15c1cddadaa8eb56_s390x as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-agent-installer-node-agent-rhel8@sha256:7319c954115c3bec30426b15552917c21a5b9ad714488972c25157ed71ac1854_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-agent-installer-node-agent-rhel8@sha256:7319c954115c3bec30426b15552917c21a5b9ad714488972c25157ed71ac1854_arm64 |
…and 52 more
Timeline
- Jul 31, 2024 CVE Published
- Apr 24, 2026 CVE Updated
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2024:4846 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2274520 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2294000 issue
- https://issues.redhat.com/browse/OCPBUGS-11449 advisory
- https://issues.redhat.com/browse/OCPBUGS-35053 advisory
- https://issues.redhat.com/browse/OCPBUGS-36745 advisory
- https://issues.redhat.com/browse/OCPBUGS-36782 advisory
- https://issues.redhat.com/browse/OCPBUGS-36962 advisory
- https://issues.redhat.com/browse/OCPBUGS-37075 advisory
- https://issues.redhat.com/browse/OCPBUGS-37160 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4846.json advisory
- https://access.redhat.com/security/cve/CVE-2023-29483 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-29483 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-29483 advisory
- https://www.dnspython.org/news/2.6.0rc1/ advisory
- https://access.redhat.com/security/cve/CVE-2024-6104 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-6104 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-6104 advisory