CVE-2024-29018

Summary

CVE-2024-29018 is a vulnerability affecting Moby, an open source container framework used in Docker Engine and Desktop. The issue lies in the way Moby's networking implementation handles DNS resolutions for containers on internal networks. When a container is attached to an internal network, it is unable to resolve names using the upstream resolver as it cannot communicate with that nameserver. Instead, `dockerd` forwards DNS requests from the container's network namespace to the host loopback device, bypassing normal routing semantics. This can lead to unexpected forwarding of DNS requests to external nameservers, potentially allowing an attacker to exfiltrate data by encoding it in DNS queries. Containers running on internal networks should be configured with a custom upstream address to mitigate this risk. Moby releases 26.0.0, 25.0.4, and 23.0.11 have been patched to prevent the forwarding of any DNS requests from internal networks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.