CVE-2024-33655
Published: 2024-06-06
Priority: P3 · 39 · high · 7.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.73% (74.7th percentile)
The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.
Affected (12 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | unbound | < unbound 1.17.1-2+deb12u3 (bookworm) | unbound 1.17.1-2+deb12u3 (bookworm) |
| msrc | azl3_unbound_1.19.1-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_unbound_1.19.1-4_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_unbound_1.19.1-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| nlnetlabs | unbound | >= 0 < 1.13.1-1+deb11u5 | 1.13.1-1+deb11u5 |
| nlnetlabs | unbound | >= 0 < 1.17.1-2+deb12u3 | 1.17.1-2+deb12u3 |
| nlnetlabs | unbound | >= 0 < 1.20.0-1 | 1.20.0-1 |
| nlnetlabs | unbound | >= 0 < 1.20.0-1 | 1.20.0-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_msrc | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
Microsoft
vendor_msrc · 2024-06-11 · CVSS 7.5
CVE-2024-33655 [HIGH] CWE-400
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in Octob
Ubuntu
Unbound vulnerability
vendor_ubuntu · 2024-05-28
CVE-2024-33655
Summary: Unbound could be made to take part in a denial of service attack.
It was discovered that Unbound could take part in a denial of service amplification attack known as DNSBomb. This update introduces certain resource limits to make the impact from Unbound significantly lower.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
unbound: DNSBomb vulnerability
vendor_redhat · 2024-05-09 · CVSS 7.5
CVE-2024-33655 [HIGH] CWE-400
A DNSBomb flaw was found in the unbound package. The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the authoritative answers become available to Unbound at the same time, Unbound starts serving all the accumulated queries. This results in large-sized, concentrated
Debian
unbound
vendor_debian · 2024 · CVSS 7.5
CVE-2024-33655 [HIGH]
Scope: local
bookworm: resolved (fixed in 1.17.1-2+deb12u3)
bullseye: resolved (fixed in 1.13.1-1+deb11u5)
forky: resolved (fixed in 1.20.0-1)
sid: resolved (fixed in 1.20.0-1)
trixie: resolved (fixed in 1.20.0-1)
OSV
osv · 2024-06-06 · CVSS 7.5
CVE-2024-33655 [HIGH]
GHSA
GHSA-2xh4-pf7v-vh6h
ghsa_unreviewed · 2024-06-06
CVE-2024-33655 [HIGH] CWE-400
No detection rules found.
No public exploits indexed.
References
- https://alas.aws.amazon.com/ALAS-2024-1934.html
- https://datatracker.ietf.org/doc/html/rfc1035
- https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de
- https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-120
- https://gitlab.isc.org/isc-projects/bind9/-/issues/4398
- https://lists.debian.org/debian-lts-announce/2025/08/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/
- https://meterpreter.org/researchers-uncover-dnsbomb-a-new-pdos-attack-exploiting-legitimate-dns-features/
- https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
- https://nlnetlabs.nl/projects/unbound/security-advisories/
- https://sp2024.ieee-security.org/accepted-papers.html
- https://www.isc.org/blogs/2024-dnsbomb/