CVE-2024-11187

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-11187

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-11187.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-11187

Downstream

ALPINE-CVE-2024-11187

BELL-CVE-2024-11187

DEBIAN-CVE-2024-11187

DLA-4050-1

DSA-5854-1

OESA-2025-1105

OESA-2025-1106

OESA-2025-1172

OESA-2025-1215

OESA-2025-1341

OESA-2025-1558

RHSA-2025:1664

RHSA-2025:1665

RHSA-2025:1666

RHSA-2025:1669

RHSA-2025:1670

RHSA-2025:1674

RHSA-2025:1675

RHSA-2025:1676

RHSA-2025:1678

RHSA-2025:1679

RHSA-2025:1681

RHSA-2025:1684

RHSA-2025:1685

RHSA-2025:1687

RHSA-2025:1691

RHSA-2025:1718

SUSE-SU-2025:01787-1

SUSE-SU-2025:0337-1

SUSE-SU-2025:0355-1

SUSE-SU-2025:0359-1

SUSE-SU-2025:0384-1

SUSE-SU-2025:0389-1

SUSE-SU-2025:0427-1

UBUNTU-CVE-2024-11187

USN-7241-1

openSUSE-SU-2025:14719-1

Related

Published

2025-01-29T22:15:28Z

Modified

2025-08-09T19:01:29Z

Summary

[none]

Details

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.

References

Affected packages