CVE-2024-0760

{"id": "CVE-2024-0760", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security-officer@isc.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-07-23T15:15:03.520", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1", "source": "security-officer@isc.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/31/2", "source": "security-officer@isc.org"}, {"url": "https://kb.isc.org/docs/cve-2024-0760", "source": "security-officer@isc.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. \nThis issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1."}, {"lang": "es", "value": "Un cliente malintencionado puede enviar muchos mensajes DNS a trav\u00e9s de TCP, lo que podr\u00eda provocar que el servidor se vuelva inestable mientras el ataque est\u00e1 en curso. El servidor puede recuperarse una vez que cese el ataque. El uso de ACL no mitigar\u00e1 el ataque. Este problema afecta a las versiones 9.18.1 a 9.18.27, 9.19.0 a 9.19.24 y 9.18.11-S1 a 9.18.27-S1 de BIND 9."}], "lastModified": "2024-08-01T13:45:59.803", "sourceIdentifier": "security-officer@isc.org"}