CVE-2024-1975

Updated: 2025-08-20 01:46:28.411752

Description:

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | bind-dyndb-ldap | 11.9 | 7.5 | HIGH | Not Vulnerable | | 2025-12-05 21:56:58 | Not affected: CVE-2024-1975 targets BIND 9’s named daemon, specifically the SIG(0) verification pa... |
| AlmaLinux 9.2 ESU | bind | 9.16.23 | 7.5 | HIGH | Released | CLSA-2024:1726583188 | 2024-09-17 12:33:01 | Not affected: CVE-2024-1975 targets BIND 9’s named daemon, specifically the SIG(0) verification pa... |
| CentOS 6 ELS | bind | 9.8.2 | 7.5 | HIGH | Released | CLSA-2024:1724705338 | 2024-09-16 12:30:18 | |
| CentOS 7 ELS | bind | 9.11.4 | 7.5 | HIGH | Released | CLSA-2024:1724348053 | 2024-09-16 12:30:19 | |
| CentOS 8.4 ELS | bind | 9.11.26 | 7.5 | HIGH | Released | CLSA-2024:1725471321 | 2024-09-04 14:26:38 | |
| CentOS 8.5 ELS | bind | 9.11.26 | 7.5 | HIGH | Released | CLSA-2024:1725471399 | 2024-09-04 14:26:37 | |
| CentOS Stream 8 ELS | bind | 9.11.36 | 7.5 | HIGH | Released | CLSA-2024:1726583248 | 2024-09-17 12:33:02 | |
| CloudLinux 6 ELS | bind | 9.8.2 | 7.5 | HIGH | Released | CLSA-2024:1724705134 | 2024-09-18 12:29:59 | |
| CloudLinux 7 ELS | bind | 9.11.4 | 7.5 | HIGH | Released | CLSA-2024:1724348412 | 2024-09-18 12:29:59 | |
| Oracle Linux 6 ELS | bind | 9.8.2 | 7.5 | HIGH | Released | CLSA-2024:1724704960 | 2024-08-26 17:30:54 | |
Total: 14