Описание
The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.
This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service.
Отчет
This vulnerability in the DNS message parsing code of BIND is of important severity due to its potential to cause excessive and uncontrolled CPU usage through specially crafted DNS queries or responses. The flaw exposes both authoritative DNS servers and recursive resolvers to Denial of Service (DoS) attacks, where an attacker can exploit the high computational complexity of the parsing routine to overwhelm the server. This can lead to significant degradation of service, rendering the DNS server unresponsive and disrupting network operations.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 9 | dhcp | Not affected | ||
| Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | bind | Fixed | RHSA-2025:0039 | 06.01.2025 |
| Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | bind-dyndb-ldap | Fixed | RHSA-2025:0039 | 06.01.2025 |
| Red Hat Enterprise Linux 7 | bind | Fixed | RHSA-2024:3741 | 10.06.2024 |
| Red Hat Enterprise Linux 7 | bind-dyndb-ldap | Fixed | RHSA-2024:3741 | 10.06.2024 |
| Red Hat Enterprise Linux 7 | dhcp | Fixed | RHSA-2024:3741 | 10.06.2024 |
| Red Hat Enterprise Linux 8 | bind9.16 | Fixed | RHSA-2024:1781 | 11.04.2024 |
| Red Hat Enterprise Linux 8 | bind | Fixed | RHSA-2024:1782 | 12.04.2024 |
| Red Hat Enterprise Linux 8 | bind | Fixed | RHSA-2024:3271 | 22.05.2024 |
| Red Hat Enterprise Linux 8 | bind | Fixed | RHSA-2024:1782 | 12.04.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
The DNS message parsing code in `named` includes a section whose compu ...
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
EPSS
7.5 High
CVSS3