CVE-2024-0760

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-0760
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0760.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-0760
Related
Published
2024-07-23T15:15:03Z
Modified
2024-09-18T03:24:48.619698Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.

References

Affected packages

Debian:12 / bind9

Package

Name
bind9
Purl
pkg:deb/debian/bind9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.18.28-1~deb12u1

Affected versions

1:9.*

1:9.18.12-1
1:9.18.13-1
1:9.18.16-1~deb12u1~bpo11+1
1:9.18.16-1~deb12u1
1:9.18.16-1
1:9.18.19-1~deb12u1~bpo11+1
1:9.18.19-1~deb12u1
1:9.18.24-1~bpo11+1
1:9.18.24-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / bind9

Package

Name
bind9
Purl
pkg:deb/debian/bind9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.20.0-1

Affected versions

1:9.*

1:9.18.12-1
1:9.18.13-1
1:9.18.16-1~deb12u1~bpo11+1
1:9.18.16-1~deb12u1
1:9.18.16-1
1:9.18.19-1~deb12u1~bpo11+1
1:9.18.19-1~deb12u1
1:9.18.24-1~bpo11+1
1:9.18.24-1
1:9.18.28-1~deb12u1
1:9.18.28-1~deb12u2
1:9.19.6-1
1:9.19.6-2
1:9.19.10-1
1:9.19.11-1
1:9.19.14-1
1:9.19.17-1
1:9.19.19-1
1:9.19.21-1
1:9.19.24-2
1:9.19.24-185-g392e7199df2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}