cbcvebase.
CVE-2024-1737
published 2024-07-23

CVE-2024-1737: Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance…

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Affected

28 ranges· showing 25
VendorProductVersion rangeFixed in
debianbind9< bind9 1:9.18.28-1~deb12u1 (bookworm)bind9 1:9.18.28-1~deb12u1 (bookworm)
iscbind>= 0 < 9.18.31-r09.18.31-r0
iscbind>= 0 < 9.18.31-r09.18.31-r0
iscbind>= 0 < 9.18.31-r09.18.31-r0
iscbind>= 0 < 9.18.31-r09.18.31-r0
iscbind>= 0 < 9.18.28-r09.18.28-r0
iscbind>= 0 < 9.18.28-r09.18.28-r0
iscbind>= 0 < 9.18.28-r09.18.28-r0
iscbind9>= 0 < 1:9.16.50-1~deb11u11:9.16.50-1~deb11u1
iscbind9>= 0 < 1:9.18.28-1~deb12u11:9.18.28-1~deb12u1
iscbind9>= 0 < 1:9.20.0-11:9.20.0-1
iscbind9>= 0 < 1:9.20.0-11:9.20.0-1
iscbind9>= 0 < 1:9.18.28-0ubuntu0.20.04.11:9.18.28-0ubuntu0.20.04.1
iscbind9>= 0 < 1:9.18.28-0ubuntu0.22.04.11:9.18.28-0ubuntu0.22.04.1
iscbind9>= 0 < 1:9.18.28-0ubuntu0.24.04.11:9.18.28-0ubuntu0.24.04.1
iscbind9>= 0 < 1:9.10.3.dfsg.P4-8ubuntu1.19+esm91:9.10.3.dfsg.P4-8ubuntu1.19+esm9
iscbind9>= 0 < 1:9.11.3+dfsg-1ubuntu1.19+esm41:9.11.3+dfsg-1ubuntu1.19+esm4
iscbind_99.11.0 – 9.11.37
iscbind_99.11.4-S1 – 9.11.37-S1
iscbind_99.16.0 – 9.16.50
iscbind_99.16.8-S1 – 9.16.50-S1
iscbind_99.18.0 – 9.18.27
iscbind_99.18.11-S1 – 9.18.27-S1
iscbind_99.19.0 – 9.19.24
msrcazl3_bind_9.19.21-1_on_azure_linux_3.0

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH