{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-1737","assignerOrgId":"404fd4d2-a609-4245-b543-2c944a302a22","state":"PUBLISHED","assignerShortName":"isc","dateReserved":"2024-02-22T10:11:43.508Z","datePublished":"2024-07-23T14:34:09.750Z","dateUpdated":"2025-02-13T17:32:25.755Z"},"containers":{"cna":{"providerMetadata":{"orgId":"404fd4d2-a609-4245-b543-2c944a302a22","shortName":"isc","dateUpdated":"2024-07-31T11:05:54.006Z"},"title":"BIND's database will be slow if a very large number of RRs exist at the same name","datePublic":"2024-07-23T00:00:00.000Z","affected":[{"vendor":"ISC","product":"BIND 9","versions":[{"version":"9.11.0","lessThanOrEqual":"9.11.37","status":"affected","versionType":"custom"},{"version":"9.16.0","lessThanOrEqual":"9.16.50","status":"affected","versionType":"custom"},{"version":"9.18.0","lessThanOrEqual":"9.18.27","status":"affected","versionType":"custom"},{"version":"9.19.0","lessThanOrEqual":"9.19.24","status":"affected","versionType":"custom"},{"version":"9.11.4-S1","lessThanOrEqual":"9.11.37-S1","status":"affected","versionType":"custom"},{"version":"9.16.8-S1","lessThanOrEqual":"9.16.50-S1","status":"affected","versionType":"custom"},{"version":"9.18.11-S1","lessThanOrEqual":"9.18.27-S1","status":"affected","versionType":"custom"}],"defaultStatus":"unaffected"}],"metrics":[{"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH"}}],"descriptions":[{"lang":"en","value":"Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1."}],"impacts":[{"descriptions":[{"lang":"en","value":"Processing of queries may be slowed down by a factor of 100."}]}],"workarounds":[{"lang":"en","value":"No workarounds known."}],"exploits":[{"lang":"en","value":"We are not aware of any active exploits."}],"solutions":[{"lang":"en","value":"Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1."}],"credits":[{"lang":"en","value":"ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention."}],"references":[{"url":"https://kb.isc.org/docs/cve-2024-1737","name":"CVE-2024-1737","tags":["vendor-advisory"]},{"url":"https://kb.isc.org/docs/rrset-limits-in-zones","name":"RRset limits in zones","tags":["related"]},{"url":"http://www.openwall.com/lists/oss-security/2024/07/23/1"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/31/2"}],"source":{"discovery":"EXTERNAL"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-770","lang":"en","description":"CWE-770 Allocation of Resources Without Limits or Throttling"}]}],"affected":[{"vendor":"isc","product":"bind","cpes":["cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.11.4:s1:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.16.0:*:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.16.8:s1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.18.0:*:*:*:-:*:*:*","cpe:2.3:a:isc:bind:9.18.11:s1:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.19.0:*:*:*:-:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"9.11.0","status":"affected","lessThanOrEqual":"9.11.37","versionType":"custom"},{"version":"9.11.4","status":"affected","lessThanOrEqual":"9.16.50","versionType":"custom"},{"version":"9.16.0","status":"affected","lessThanOrEqual":"9.18.27","versionType":"custom"},{"version":"9.16.8","status":"affected","lessThanOrEqual":"9.19.24","versionType":"custom"},{"version":"9.18.0","status":"affected","lessThanOrEqual":"9.11.37_s1","versionType":"custom"},{"version":"9.18.11","status":"affected","lessThanOrEqual":"9.16.50_s1","versionType":"custom"},{"version":"9.19.0","status":"affected","lessThanOrEqual":"9.18.27_s1","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-26T17:27:11.436620Z","id":"CVE-2024-1737","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-26T17:35:12.133Z"}},{"title":"CVE Program Container","references":[{"url":"https://security.netapp.com/advisory/ntap-20240731-0003/"},{"url":"https://kb.isc.org/docs/cve-2024-1737","name":"CVE-2024-1737","tags":["vendor-advisory","x_transferred"]},{"url":"https://kb.isc.org/docs/rrset-limits-in-zones","name":"RRset limits in zones","tags":["related","x_transferred"]},{"url":"http://www.openwall.com/lists/oss-security/2024/07/23/1","tags":["x_transferred"]}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T18:48:21.779Z"}}]},"dataVersion":"5.1"}