The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.
References
Configurations
No configuration.
History
21 Nov 2024, 09:17
Type | Values Removed | Values Added |
---|---|---|
References | () https://alas.aws.amazon.com/ALAS-2024-1934.html - | |
References | () https://datatracker.ietf.org/doc/html/rfc1035 - | |
References | () https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de - | |
References | () https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-120 - | |
References | () https://gitlab.isc.org/isc-projects/bind9/-/issues/4398 - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/ - | |
References | () https://meterpreter.org/researchers-uncover-dnsbomb-a-new-pdos-attack-exploiting-legitimate-dns-features/ - | |
References | () https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt - | |
References | () https://nlnetlabs.nl/projects/unbound/security-advisories/ - | |
References | () https://sp2024.ieee-security.org/accepted-papers.html - | |
References | () https://www.isc.org/blogs/2024-dnsbomb/ - |
22 Aug 2024, 19:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-400 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
10 Jun 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 17:15
Updated : 2024-11-21 09:17
NVD link : CVE-2024-33655
Mitre link : CVE-2024-33655
CVE.ORG link : CVE-2024-33655
JSON object : View
Products Affected
No product.
CWE
CWE-400
Uncontrolled Resource Consumption