CVE-2024-1975

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.

Configurations

No configuration.

History

01 Aug 2024, 13:46

Type Values Removed Values Added
CWE CWE-770

31 Jul 2024, 11:15

Type Values Removed Values Added
References
  • http://www.openwall.com/lists/oss-security/2024/07/31/2

24 Jul 2024, 12:55

Type Values Removed Values Added
Summary
  • (es) Si un servidor aloja una zona que contiene un registro de recursos "KEY", o un solucionador DNSSEC valida un registro de recursos "KEY" de un dominio firmado por DNSSEC en caché, un cliente puede agotar los recursos de la CPU del solucionador enviando una secuencia de solicitudes firmadas SIG(0). Este problema afecta a las versiones de BIND 9 9.0.0 a 9.11.37, 9.16.0 a 9.16.50, 9.18.0 a 9.18.27, 9.19.0 a 9.19.24, 9.9.3-S1 a 9.11.37-S1, 9.16.8-S1 a 9.16.49-S1 y 9.18.11-S1 a 9.18.27-S1.

23 Jul 2024, 16:15

Type Values Removed Values Added
References
  • http://www.openwall.com/lists/oss-security/2024/07/23/1

23 Jul 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-23 15:15

Updated : 2024-08-01 13:46


NVD link : CVE-2024-1975

Mitre link : CVE-2024-1975

CVE.ORG link : CVE-2024-1975


Products Affected

No product.

CWE
CWE-770

Allocation of Resources Without Limits or Throttling