CVE-2024-1737

HIGH

BIND 9 DoS via RRSet Overload (9.11.0-9.11.37, 9.16.0-9.16.50, 9.18.0-9.18.27, 9.19.0-9.19.24)

Description

Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Scores

CVSS v3 7.5
EPSS 0.0028
EPSS Percentile 51.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-770
Status published
Products (7)
ISC/BIND 9 9.11.0 - 9.11.37
ISC/BIND 9 9.11.4-S1 - 9.11.37-S1
ISC/BIND 9 9.16.0 - 9.16.50
ISC/BIND 9 9.16.8-S1 - 9.16.50-S1
ISC/BIND 9 9.18.0 - 9.18.27
ISC/BIND 9 9.18.11-S1 - 9.18.27-S1
ISC/BIND 9 9.19.0 - 9.19.24
Published Jul 23, 2024
Tracked Since Feb 18, 2026