Red Hat Security Advisory: Red Hat build of Cryostat security update
Red Hat has issued a security update for the Red Hat build of Cryostat 3 on RHEL 8 addressing two vulnerabilities in the golang net packages. The first vulnerability (CVE-2024-24788) involves a malformed DNS message that can cause an infinite loop. The second (CVE-2024-24790) concerns unexpected behavior in Is methods for IPv4-mapped IPv6 addresses. These issues have been rated with moderate security impact by Red Hat. No CVSS scores are provided in the advisory. The update is available and recommended to mitigate these issues.
AI Analysis
Technical Summary
This advisory covers two vulnerabilities affecting the golang net packages used in the Red Hat build of Cryostat 3 on RHEL 8. CVE-2024-24788 is a flaw where a malformed DNS message can trigger an infinite loop, potentially impacting application stability. CVE-2024-24790 involves unexpected behavior in the Is methods for IPv4-mapped IPv6 addresses within the net/netip package, which could lead to incorrect IP address handling. Red Hat has released an update to address these vulnerabilities, rated as moderate in severity. The advisory references Red Hat Security Advisory RHSA-2024:4697 for detailed remediation instructions.
Potential Impact
The vulnerabilities may cause application instability due to infinite loops triggered by malformed DNS messages and incorrect behavior in IP address handling methods. The impact is rated moderate by Red Hat, indicating these issues could affect reliability or correctness of network-related functions in Cryostat 3 on RHEL 8. There are no known exploits in the wild at this time.
Mitigation Recommendations
A security update is available from Red Hat for the Red Hat build of Cryostat 3 on RHEL 8 that addresses these vulnerabilities. Users should apply this update after ensuring all previously released relevant errata have been applied. Refer to the official Red Hat advisory RHSA-2024:4697 and the update instructions at https://access.redhat.com/articles/11258 for detailed guidance. No additional mitigation steps are indicated by the vendor.
Red Hat Security Advisory: Red Hat build of Cryostat security update
Description
Red Hat has issued a security update for the Red Hat build of Cryostat 3 on RHEL 8 addressing two vulnerabilities in the golang net packages. The first vulnerability (CVE-2024-24788) involves a malformed DNS message that can cause an infinite loop. The second (CVE-2024-24790) concerns unexpected behavior in Is methods for IPv4-mapped IPv6 addresses. These issues have been rated with moderate security impact by Red Hat. No CVSS scores are provided in the advisory. The update is available and recommended to mitigate these issues.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers two vulnerabilities affecting the golang net packages used in the Red Hat build of Cryostat 3 on RHEL 8. CVE-2024-24788 is a flaw where a malformed DNS message can trigger an infinite loop, potentially impacting application stability. CVE-2024-24790 involves unexpected behavior in the Is methods for IPv4-mapped IPv6 addresses within the net/netip package, which could lead to incorrect IP address handling. Red Hat has released an update to address these vulnerabilities, rated as moderate in severity. The advisory references Red Hat Security Advisory RHSA-2024:4697 for detailed remediation instructions.
Potential Impact
The vulnerabilities may cause application instability due to infinite loops triggered by malformed DNS messages and incorrect behavior in IP address handling methods. The impact is rated moderate by Red Hat, indicating these issues could affect reliability or correctness of network-related functions in Cryostat 3 on RHEL 8. There are no known exploits in the wild at this time.
Mitigation Recommendations
A security update is available from Red Hat for the Red Hat build of Cryostat 3 on RHEL 8 that addresses these vulnerabilities. Users should apply this update after ensuring all previously released relevant errata have been applied. Refer to the official Red Hat advisory RHSA-2024:4697 and the update instructions at https://access.redhat.com/articles/11258 for detailed guidance. No additional mitigation steps are indicated by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:4697
- Cve Count
- 2
- Additional Cves
- ["CVE-2024-24790"]
- Cvss Version
- null
Threat ID: 6a1df669e29bf47b5046210a
Added to database: 6/1/2026, 9:15:21 PM
Last enriched: 6/1/2026, 9:23:17 PM
Last updated: 6/2/2026, 6:50:21 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.