Red Hat Enterprise Linux (unbound und mpg123): Mehrere Schwachstellen
Two moderate security vulnerabilities have been identified in Red Hat Enterprise Linux packages: unbound and mpg123. The unbound vulnerability (CVE-2024-8508) involves unbounded name compression that could lead to a denial of service. The mpg123 vulnerability (CVE-2024-10573) is a buffer overflow occurring when writing decoded PCM samples. Both issues affect specific versions of Red Hat Enterprise Linux 8 and 9. 4 Extended Update Support. Red Hat has released security updates addressing these vulnerabilities.
AI Analysis
Technical Summary
The unbound package in Red Hat Enterprise Linux 9.4 Extended Update Support contains a vulnerability (CVE-2024-8508) where unbounded name compression may cause a denial of service condition. Separately, the mpg123 package in Red Hat Enterprise Linux 8 suffers from a buffer overflow vulnerability (CVE-2024-10573) when writing decoded PCM samples. Both vulnerabilities have been rated with a moderate security impact by Red Hat Product Security. Security advisories RHSA-2024:11170 and RHSA-2024:11193 provide updated packages to remediate these issues.
Potential Impact
Exploitation of the unbound vulnerability could cause denial of service by triggering unbounded name compression. The mpg123 vulnerability could lead to memory corruption due to a buffer overflow when processing audio data. Both vulnerabilities have moderate severity and could impact system stability or reliability if exploited.
Mitigation Recommendations
Red Hat has released official security updates for both unbound and mpg123 packages. Users should apply the updates provided in advisories RHSA-2024:11170 (for unbound on RHEL 9.4) and RHSA-2024:11193 (for mpg123 on RHEL 8) to remediate these vulnerabilities. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigation actions are specified by the vendor.
Red Hat Enterprise Linux (unbound und mpg123): Mehrere Schwachstellen
Description
Two moderate security vulnerabilities have been identified in Red Hat Enterprise Linux packages: unbound and mpg123. The unbound vulnerability (CVE-2024-8508) involves unbounded name compression that could lead to a denial of service. The mpg123 vulnerability (CVE-2024-10573) is a buffer overflow occurring when writing decoded PCM samples. Both issues affect specific versions of Red Hat Enterprise Linux 8 and 9. 4 Extended Update Support. Red Hat has released security updates addressing these vulnerabilities.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The unbound package in Red Hat Enterprise Linux 9.4 Extended Update Support contains a vulnerability (CVE-2024-8508) where unbounded name compression may cause a denial of service condition. Separately, the mpg123 package in Red Hat Enterprise Linux 8 suffers from a buffer overflow vulnerability (CVE-2024-10573) when writing decoded PCM samples. Both vulnerabilities have been rated with a moderate security impact by Red Hat Product Security. Security advisories RHSA-2024:11170 and RHSA-2024:11193 provide updated packages to remediate these issues.
Potential Impact
Exploitation of the unbound vulnerability could cause denial of service by triggering unbounded name compression. The mpg123 vulnerability could lead to memory corruption due to a buffer overflow when processing audio data. Both vulnerabilities have moderate severity and could impact system stability or reliability if exploited.
Mitigation Recommendations
Red Hat has released official security updates for both unbound and mpg123 packages. Users should apply the updates provided in advisories RHSA-2024:11170 (for unbound on RHEL 9.4) and RHSA-2024:11193 (for mpg123 on RHEL 8) to remediate these vulnerabilities. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigation actions are specified by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_base
- Csaf Version
- 2.0
- Publisher
- Bundesamt für Sicherheit in der Informationstechnik
- Advisory Id
- WID-SEC-W-2024-3710
- Cve Count
- 2
- Additional Cves
- ["CVE-2024-8508"]
- Cvss Version
- null
Threat ID: 6a27e99e8dd33fbd8516c4ea
Added to database: 6/9/2026, 10:23:26 AM
Last enriched: 6/9/2026, 10:44:32 AM
Last updated: 6/10/2026, 5:08:27 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.