CVE-2024-33655
published 2024-06-06

Priority: P339, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.73% (74.7th percentile)

The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | unbound | < unbound 1.17.1-2+deb12u3 (bookworm) | unbound 1.17.1-2+deb12u3 (bookworm) |
| msrc | azl3_unbound_1.19.1-3_on_azure_linux_3.0 | | |
| msrc | azl3_unbound_1.19.1-4_on_azure_linux_3.0 | | |
| msrc | azure_linux_3.0_arm | | |
| msrc | azure_linux_3.0_x64 | | |
| msrc | cbl2_unbound_1.19.1-3_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |
| nlnetlabs | unbound | >= 0 < 1.13.1-1+deb11u5 | 1.13.1-1+deb11u5 |
| nlnetlabs | unbound | >= 0 < 1.17.1-2+deb12u3 | 1.17.1-2+deb12u3 |
| nlnetlabs | unbound | >= 0 < 1.20.0-1 | 1.20.0-1 |
| nlnetlabs | unbound | >= 0 < 1.20.0-1 | 1.20.0-1 |

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv: 7.5 HIGH
vendor_debian: 7.5 HIGH
vendor_msrc: 7.5 HIGH
vendor_redhat: 7.5 HIGH