CVE-2024-11187

HIGH

BIND <9.11.38-9.16.51-9.18 - DoS

Title source: llm

Description

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.

References (3)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20250207-0002/

[Various Sources] https://kb.isc.org/docs/cve-2024-11187

Scores

CVSS v3 7.5

EPSS 0.0407

EPSS Percentile 88.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-405

Status published

Products (8)

ISC/BIND 9 9.11.0 - 9.11.37

ISC/BIND 9 9.11.3-S1 - 9.11.37-S1

ISC/BIND 9 9.16.0 - 9.16.50

ISC/BIND 9 9.16.8-S1 - 9.16.50-S1

ISC/BIND 9 9.18.0 - 9.18.32

ISC/BIND 9 9.18.11-S1 - 9.18.32-S1

ISC/BIND 9 9.20.0 - 9.20.4

ISC/BIND 9 9.21.0 - 9.21.3

Published Jan 29, 2025

Tracked Since Feb 18, 2026