CVE-2024-1975
HIGHBIND 9.0.0-9.11.37, 9.16.0-9.16.50, 9.18.0-9.18.27, 9.19.0-9.19.24 - CPU Exhaustion via SIG(0)
Title source: llmDescription
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
References (4)
Core 4
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240731-0002/
Various Sources vendor-advisory
https://kb.isc.org/docs/cve-2024-1975
Scores
CVSS v3
7.5
EPSS
0.0024
EPSS Percentile
46.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (7)
ISC/BIND 9
9.0.0 - 9.11.37
ISC/BIND 9
9.16.0 - 9.16.50
ISC/BIND 9
9.16.8-S1 - 9.16.49-S1
ISC/BIND 9
9.18.0 - 9.18.27
ISC/BIND 9
9.18.11-S1 - 9.18.27-S1
ISC/BIND 9
9.19.0 - 9.19.24
ISC/BIND 9
9.9.3-S1 - 9.11.37-S1
Published
Jul 23, 2024
Tracked Since
Feb 18, 2026