Updated: 2024-11-30 03:45:47.770751
Description:
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0 |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | bind | 9.16.23 | 7.5 | HIGH | Released | CLSA-2024:1726583188 | 2024-09-17 12:33:01 | |
| CentOS 6 ELS | bind | 9.8.2 | 7.5 | HIGH | Released | CLSA-2024:1724705338 | 2024-09-16 12:30:18 | |
| CentOS 7 ELS | bind | 9.11.4 | 7.5 | HIGH | Released | CLSA-2024:1724348053 | 2024-09-16 12:30:19 | |
| CentOS 8.4 ELS | bind | 9.11.26 | 7.5 | HIGH | Released | CLSA-2024:1725471321 | 2024-09-04 14:26:38 | |
| CentOS 8.5 ELS | bind | 9.11.26 | 7.5 | HIGH | Released | CLSA-2024:1725471399 | 2024-09-04 14:26:37 | |
| CentOS Stream 8 ELS | bind | 9.11.36 | 7.5 | HIGH | Released | CLSA-2024:1726583248 | 2024-09-17 12:33:02 | |
| CloudLinux 6 ELS | bind | 9.8.2 | 7.5 | HIGH | Released | CLSA-2024:1724705134 | 2024-09-18 12:29:59 | |
| CloudLinux 7 ELS | bind | 9.11.4 | 7.5 | HIGH | Released | CLSA-2024:1724348412 | 2024-09-18 12:29:59 | |
| Oracle Linux 6 ELS | bind | 9.8.2 | 7.5 | HIGH | Released | CLSA-2024:1724704960 | 2024-08-26 17:30:54 | |
| Oracle Linux 7 ELS | bind | 9.11.4 | 7.5 | HIGH | Already Fixed | 2024-12-09 11:55:23 |