CVE-2024-12705

CWE-770 — Allocation without Limits CWE-400 — Uncontrolled Resource Consumption9 documents7 sources

Severity

7.5HIGH

EPSS

0.2%

top 58.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind 9

Timeline

PublishedJan 29

Latest updateJan 30

Description

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Alpinebind< 9.18.33-r0+5

▶Debianbind9< 1:9.18.33-1~deb12u2+2

▶CVEListV5isc/bind_99.18.0 — 9.18.32+3

🔴Vulnerability Details

GHSA

GHSA-gf34-2fpp-vmc4: Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic↗2025-01-30

▶

CVEList

DNS-over-HTTPS implementation suffers from multiple issues under heavy query load↗2025-01-29

▶

OSV

CVE-2024-12705: Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic↗2025-01-29

▶

OSV

CVE-2024-12705: Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic↗2025-01-29

▶

OSV

bind9 vulnerabilities↗2025-01-29

▶

📋Vendor Advisories

Ubuntu

Bind vulnerabilities↗2025-01-29

▶

Red Hat

bind: bind9: DNS-over-HTTPS implementation suffers from multiple issues under heavy query load↗2024-01-29

▶

Debian

CVE-2024-12705: bind9 - Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memor...↗2024

▶