CVE-2024-47609

Summary

CVE-2024-47609 is a vulnerability affecting the Tonic framework, specifically when using the tonic::transport::Server implementation. This issue allows for a remote denial-of-service (DoS) attack that may cause the server to exit unexpectedly when it encounters certain unhandled errors during TCP/TLS stream acceptance. To remediate this vulnerability, users should upgrade to Tonic version 0.12.3 or newer. The vulnerability has a low exploitability score of 3.9 and does not require user interaction or special privileges to exploit, posing a risk primarily to server availability without impacting data confidentiality or integrity. Affected products include zIOc-x, zIS_fm, and zIOc-y within the ecosystem using Tonic.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.