{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "cveMetadata": {
    "cveId": "CVE-2024-11187",
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "state": "PUBLISHED",
    "assignerShortName": "isc",
    "dateReserved": "2024-11-13T17:20:48.660Z",
    "datePublished": "2025-01-29T21:40:11.942Z",
    "dateUpdated": "2025-02-11T19:02:32.914Z"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc",
        "dateUpdated": "2025-01-29T21:40:11.942Z"
      },
      "title": "Many records in the additional section cause CPU exhaustion",
      "datePublic": "2025-01-29T00:00:00.000Z",
      "affected": [
        {
          "vendor": "ISC",
          "product": "BIND 9",
          "versions": [
            {"version": "9.11.0", "lessThanOrEqual": "9.11.37", "status": "affected", "versionType": "custom"},
            {"version": "9.16.0", "lessThanOrEqual": "9.16.50", "status": "affected", "versionType": "custom"},
            {"version": "9.18.0", "lessThanOrEqual": "9.18.32", "status": "affected", "versionType": "custom"},
            {"version": "9.20.0", "lessThanOrEqual": "9.20.4", "status": "affected", "versionType": "custom"},
            {"version": "9.21.0", "lessThanOrEqual": "9.21.3", "status": "affected", "versionType": "custom"},
            {"version": "9.11.3-S1", "lessThanOrEqual": "9.11.37-S1", "status": "affected", "versionType": "custom"},
            {"version": "9.16.8-S1", "lessThanOrEqual": "9.16.50-S1", "status": "affected", "versionType": "custom"},
            {"version": "9.18.11-S1", "lessThanOrEqual": "9.18.32-S1", "status": "affected", "versionType": "custom"}
          ],
          "defaultStatus": "unaffected"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "version": "3.1",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "baseScore": 7.5,
            "baseSeverity": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {"lang": "en", "type": "CWE", "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)"}
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "A `named` instance vulnerable to this issue can be compelled to consume excessive CPU resources up to the point where exhaustion of resources effectively prevents the server from responding to other client queries. This issue is most likely to affect resolvers but could also degrade authoritative server performance."
            }
          ]
        }
      ],
      "workarounds": [
        {"lang": "en", "value": "Setting option `minimal-responses yes;` provides an effective workaround."}
      ],
      "exploits": [
        {"lang": "en", "value": "We are not aware of any active exploits."}
      ],
      "solutions": [
        {"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.33, 9.20.5, 9.21.4, or 9.18.33-S1."}
      ],
      "credits": [
        {"lang": "en", "value": "ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention."}
      ],
      "references": [
        {"url": "https://kb.isc.org/docs/cve-2024-11187", "name": "CVE-2024-11187", "tags": ["vendor-advisory"]}
      ],
      "source": {"discovery": "EXTERNAL"}
    },
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "type": "ssvc",
              "content": {
                "timestamp": "2025-01-30T15:27:46.174106Z",
                "id": "CVE-2024-11187",
                "options": [
                  {"Exploitation": "none"},
                  {"Automatable": "yes"},
                  {"Technical Impact": "partial"}
                ],
                "role": "CISA Coordinator",
                "version": "2.0.3"
              }
            }
          }
        ],
        "title": "CISA ADP Vulnrichment",
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2025-01-30T15:27:58.342Z"
        }
      },
      {
        "title": "CVE Program Container",
        "references": [
          {"url": "https://security.netapp.com/advisory/ntap-20250207-0002/"},
          {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html"}
        ],
        "providerMetadata": {
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE",
          "dateUpdated": "2025-02-11T19:02:32.914Z"
        }
      }
    ]
  }
}