Red Hat Security Advisory: grafana security update
A moderate severity security advisory from Red Hat addresses vulnerabilities in Grafana related to underlying golang libraries. The issues include a malformed DNS message causing an infinite loop (CVE-2024-24788), incorrect handling of certain ZIP files (CVE-2024-24789), and unexpected behavior in IPv4-mapped IPv6 address methods (CVE-2024-24790). These vulnerabilities affect Red Hat Enterprise Linux 8 versions with Grafana packages. Red Hat has released updated packages to fix these issues.
AI Analysis
Technical Summary
This advisory covers three vulnerabilities impacting Grafana as packaged in Red Hat Enterprise Linux 8. The first (CVE-2024-24788) involves golang's net package where a malformed DNS message can cause an infinite loop. The second (CVE-2024-24789) is in golang's archive/zip package, which incorrectly handles certain ZIP files. The third (CVE-2024-24790) concerns golang's net/netip package, where the Is methods behave unexpectedly for IPv4-mapped IPv6 addresses. These underlying golang library issues have been addressed in updated Grafana packages provided by Red Hat.
Potential Impact
The vulnerabilities could lead to denial of service conditions (e.g., infinite loop) or incorrect processing of data (ZIP files and IP address checks) within Grafana environments on affected Red Hat Enterprise Linux 8 systems. The advisory rates the overall impact as moderate. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released updated Grafana packages for Red Hat Enterprise Linux 8 that address these vulnerabilities. Users should apply the security update as described in the Red Hat advisory RHSA-2024:5291 and the referenced update article (https://access.redhat.com/articles/11258). Patch status is confirmed as available. No additional mitigation steps are indicated by the vendor.
Technical Details
- GCVE Source: db.gcve.eu
- CSAF Category: csaf_security_advisory
- CSAF Version: 2.0
- Publisher: Red Hat Product Security
- Advisory ID: RHSA-2024:5291
- CVE Count: 3
- Additional CVEs: CVE-2024-24789, CVE-2024-24790
- CVSS Version: null
Threat ID: 6a1df669e29bf47b50461dfa
Added to database: 6/1/2026, 9:15:21 PM
Last enriched: 6/1/2026, 9:23:00 PM
Last updated: 6/2/2026, 4:59:39 AM