CVE-2024-24192

9.1 CRITICAL

📋 TL;DR

CVE-2024-24192 is a heap overflow vulnerability in robdns that occurs when processing zone files. Attackers can exploit this to execute arbitrary code or crash the DNS server. Anyone running vulnerable versions of robdns is affected.

💻 Affected Systems

Products:
  • robdns
Versions: All versions before commit d76d2e6
Operating Systems: All platforms running robdns
Default Config Vulnerable: ⚠️ Yes
Notes: Any configuration using zone files is vulnerable. The vulnerability triggers when processing malicious or specially crafted zone files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, allowing attackers to install malware, steal data, or pivot to other systems.

🟠 Likely Case

Denial of service causing DNS service disruption, potentially affecting network resolution and dependent services.

🟢 If Mitigated

Limited impact with proper network segmentation and minimal exposure, potentially just service crashes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending malicious zone files to the server. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit d76d2e6 or later

Vendor Advisory: https://github.com/robertdavidgraham/robdns/issues/8

Restart Required: Yes

Instructions:

1. Update robdns to commit d76d2e6 or later.
2. Rebuild from source if using a source installation.
3. Restart the robdns service.

🔧 Temporary Workarounds

Restrict Zone File Sources (all platforms)

Only allow zone file updates from trusted sources and implement strict validation of zone file content.

Network Segmentation (all platforms)

Place robdns servers behind firewalls and restrict access to zone update ports.

🧯 If You Can't Patch

  • Implement strict network controls to limit who can send zone files to the server
  • Monitor for abnormal DNS traffic patterns and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Check the robdns version or commit hash. If built from source, the installation is vulnerable when the commit predates d76d2e6.

Check Version:

Run robdns --version, or check the git commit hash if built from source.

Verify Fix Applied:

Confirm robdns is running commit d76d2e6 or later and test with valid zone files.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes or restarts of robdns
  • Errors related to zone file parsing or memory allocation

Network Indicators:

  • Unusual zone transfer requests
  • Large or malformed DNS zone updates

SIEM Query:

source="robdns" AND (error OR crash OR "heap overflow")
