CVE-2024-1737

CWE-770Allocation without LimitsCWE-400Uncontrolled Resource Consumption14 documents8 sources
Severity
7.5HIGH
EPSS
0.2%
top 61.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ISC Bind 9
Timeline
PublishedJul 23
Latest updateAug 15

Description

Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

Alpinebind< 9.18.31-r0+6
Debianbind9< 1:9.16.50-1~deb11u1+3
Ubuntubind9< 1:9.18.28-0ubuntu0.20.04.1+4
CVEListV5isc/bind_99.11.09.11.37+6

🔴Vulnerability Details

7
OSV
bind9 vulnerabilities2024-08-15
OSV
bind9 vulnerabilities2024-08-01
CVEList
BIND's database will be slow if a very large number of RRs exist at the same name2024-07-23
OSV
bind9 vulnerabilities2024-07-23
OSV
CVE-2024-1737: Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded pe2024-07-23

📋Vendor Advisories

6
Ubuntu
Bind vulnerabilities2024-08-15
Ubuntu
Bind vulnerabilities2024-08-01
Red Hat
bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam2024-07-23
Ubuntu
Bind vulnerabilities2024-07-23
Microsoft
BIND's database will be slow if a very large number of RRs exist at the same name2024-07-09