GHSA-g5jh-57wm-p79m · Severity: high · Ecosystem: rust — Missing connection timeout in Aardvark-dns
A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing out. This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime.
Conclusion & alert: CVE-2024-8418 is rated High Exploit Risk (63.2/100): CVSS High severity, with medium exploitation likelihood (EPSS 0.76%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.10% | 0.76% | +0.66% |
| 2 | 2025-11-21 | 0.53% | 0.10% | -0.43% |
| 3 | 2025-11-18 | — | 0.53% | — |
Full EPSS history (24 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.5 | 3.1 | HIGH |
|
3.9 | 3.6 | [email protected] |
| 7.5 | 3.1 | HIGH |
|
3.9 | 3.6 | [email protected] |
GHSA-g5jh-57wm-p79m · Severity: high · Ecosystem: rust — Missing connection timeout in Aardvark-dns
| vendor | priority | summary | link |
|---|---|---|---|
alpine
|
— | CVE-2024-8418: 1 source package rows (aardvark-dns); 3 state rows across 3 repos (3.21-community, 3.22-community, edge-community); fixed 3, open 0. | https://security.alpinelinux.org/vuln/CVE-2024-8418 |
debian
|
unimportant | CVE-2024-8418 unimportant priority: Debian including 1 source packages (aardvark-dns), 4 status rows across 4 suites (bookworm, forky, sid, trixie): resolved 4. | https://security-tracker.debian.org/tracker/CVE-2024-8418 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2024-8418 |
suse
|
high | CVE-2024-8418 severity important: SUSE including 4 source package names (aardvark-dns, aardvark-dns-1.12.2-1.1, aardvark-dns-1.14.0-1.el9, aardvark-dns-1.14.0-160000.2.2), 21 product×package rows across 21 product lines (SUSE Liberty Linux 9, SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS, … (21 product lines)): Known Not Affected 18, Fixed 3. | https://www.suse.com/security/cve/CVE-2024-8418/ |
ubuntu
|
medium | CVE-2024-8418 medium priority: Ubuntu including 1 source packages (aardvark-dns), 7 status rows across 7 suites (focal, jammy, noble, oracular, plucky, questing, upstream): not-affected 3, DNE 2, ignored 1, released 1. | https://ubuntu.com/security/CVE-2024-8418 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| containers | aardvark-dns | 1.12.0 | cpe:2.3:a:containers:aardvark-dns:1.12.0:*:*:*:*:*:*:* |
| containers | aardvark-dns | 1.12.1 | cpe:2.3:a:containers:aardvark-dns:1.12.1:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:7094 | |
| https://access.redhat.com/security/cve/CVE-2024-8418 | Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=2309683 | Issue Tracking |
| https://github.com/containers/aardvark-dns/issues/500 | Exploit Issue Tracking |
| https://github.com/containers/aardvark-dns/pull/503 | Issue Tracking |