CVE-2024-12705

Опубликовано: 29 янв. 2025

Источник: ubuntu

Приоритет: medium

CVSS3: 7.5

Описание

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.

Релиз	Статус	Примечание
devel	released	1:9.20.0-2ubuntu4
esm-infra-legacy/trusty	needs-triage
esm-infra/bionic	needs-triage
esm-infra/focal	not-affected	1:9.18.30-0ubuntu0.20.04.2
esm-infra/xenial	needs-triage
focal	released	1:9.18.30-0ubuntu0.20.04.2
jammy	released	1:9.18.30-0ubuntu0.22.04.2
noble	released	1:9.18.30-0ubuntu0.24.04.2
oracular	released	1:9.20.0-2ubuntu3.1
plucky	released	1:9.20.0-2ubuntu4

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-infra/focal	needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	needs-triage
noble	DNE
oracular	DNE
plucky	DNE
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/noble	needs-triage
esm-infra-legacy/trusty	not-affected	code not present
esm-infra/bionic	needs-triage
esm-infra/focal	not-affected	code not present
esm-infra/xenial	not-affected	code not present
focal	not-affected	code not present
jammy	not-affected	code not present
noble	needs-triage
oracular	needs-triage

Показывать по

Ссылки на источники

7.5 High

CVSS3

Связанные уязвимости

CVE-2024-12705

CVSS3: 7.5

redhat

больше 1 года назад

CVE-2024-12705

CVSS3: 7.5

nvd

5 месяцев назад

CVE-2024-12705

CVSS3: 7.5

msrc

4 месяца назад

Описание отсутствует

CVE-2024-12705

CVSS3: 7.5

debian

5 месяцев назад

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU an ...

GHSA-gf34-2fpp-vmc4

CVSS3: 7.5

github

5 месяцев назад

7.5 High

CVSS3

CVE-2024-12705

Описание

Пакет bind9

Пакет bind9-libs

Пакет isc-dhcp

Ссылки на источники

Связанные уязвимости