CVE-2024-4438

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published May 8, 2024

Updated: May 30, 2024

CWE ID 400

Summary

CVE-2024-4438 is a new vulnerability affecting the etcd package in Red Hat OpenStack. Though it was intended to address CVE-2023-39325 and CVE-2023-44487 (Rapid Reset), the current fix falls short. The issue arises due to the use of an external http2 library (http://golang.org/x/net/http2) instead of the one provided by Red Hat Enterprise Linux, necessitating an update at compile time. This discrepancy puts OpenStack platforms running this etcd package at risk. Red Hat is working on a more comprehensive solution.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vy-_Uu
https://www.cve.org/CVERecord?id=CVE-2024-4438
https://nvd.nist.gov/vuln/detail/CVE-2024-4438

Back to Vulnerability Database

CVE-2024-4438

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations