#VU94710 Resource management error in ISC BIND


Vulnerability identifier: #VU94710

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-1737

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ISC BIND
Server applications / DNS servers

Vendor: ISC

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when handling a very large number of RRs. Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

ISC BIND: 9.11.0 - 9.19.24

External links
http://kb.isc.org/docs/cve-2024-1737
http://www.openwall.com/lists/oss-security/2024/07/23/1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Red Hat OpenShift GitOps 1.12
Multiple vulnerabilities in Red Hat OpenShift GitOps 1.13
Multiple vulnerabilities in Multicluster Engine for Kubernetes 2.4
Multiple vulnerabilities in Oracle Linux
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.17
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.17
Multiple vulnerabilities in OpenShift Data Foundation (formerly OpenShift Container Storage) 4.16
Multiple vulnerabilities in Migration Toolkit for Containers 1.8
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.16
Multiple vulnerabilities in IBM i