CVE-2024-11187

Name
CVE-2024-11187
Description
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vendor-advisory https://kb.isc.org/docs/cve-2024-11187
af854a3a-2127-422b-91ae-364da2661108 https://security.netapp.com/advisory/ntap-20250207-0002/
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html

Match rules

CPE URI Source package Min version Max version
bind-9 >= 9.11.0 <= 9.11.37
bind-9 >= 9.16.0 <= 9.16.50
bind-9 >= 9.18.0 <= 9.18.32
bind-9 >= 9.20.0 <= 9.20.4
bind-9 >= 9.21.0 <= 9.21.3
bind-9 >= 9.11.3-S1 <= 9.11.37-S1
bind-9 >= 9.16.8-S1 <= 9.16.50-S1
bind-9 >= 9.18.11-S1 <= 9.18.32-S1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
bind edge-main 9.18.33-r0 Mike Crute <mike@crute.us> fixed
bind 3.21-main 9.18.33-r0 Mike Crute <mike@crute.us> fixed
bind 3.20-main 9.18.33-r0 Mike Crute <mike@crute.us> fixed
bind 3.19-main 9.18.33-r0 Mike Crute <mike@crute.us> fixed
bind 3.18-main 9.18.33-r0 Mike Crute <mike@crute.us> fixed