- Description
- It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.
- Source
- security-officer@isc.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security-officer@isc.org
- CWE-405
- Hype score
- Not currently trending
ISC BIND 9 の脆弱性 CVE-2024-11187/12705 が FIX:サービス拒否 (DoS) 攻撃の恐れ https://t.co/a2eAo2VEOn ISC BIND の脆弱性が修正されたとのことです。ご利用の方は、アップデートをお急ぎください。前回の BIND に関する脆弱性は、2023/06/26 の「ISC BIND の3つの DoS 脆弱性 CVE-2023-2828… https://t.co/lG4ZLdhK8T
@iototsecnews
10 Feb 2025
102 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: ISC Patches Two Vulnerabilities - CVE-2024-11187 and CVE-2024-12705 CVE-2024-12705 CVE-2024-11187 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/vWBH3CSGGY #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
1 Feb 2025
141 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
🔵🟡🔴プログラミンニュース ~気になるニュースをピックアップ~ BIND 9 に 2 件の DoS 攻撃を受ける欠陥 (CVE-2024-11187, CVE-2024-12705) https://t.co/xt4HYrhCj1 #ICT
@programmin_net
31 Jan 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11187, -12705: Vulns in BIND DNS Software, 7.5 rating❗️ Two vulns in BIND allow DoS against DNS servers, which can be a preparatory step before the main attacks. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/idFGyJa6xe #cybersecurity #vulnerability_map http
@Netlas_io
31 Jan 2025
888 Impressions
7 Retweets
16 Likes
4 Bookmarks
0 Replies
0 Quotes
■(緊急)BIND 9.xの脆弱性(過剰なCPU負荷の誘発)について(CVE-2024-11187) - バージョンアップを強く推奨 - 株式会社日本レジストリサービス(JPRS) 初版作成 2025/01/30(Thu) https://t.co/9atc2RwZpW ※参考 JVNVU#94914427 ISC BINDにおける複数の脆弱性(2025年1月)… https://t.co/V3dePOfqZ9 https://t.co/lpxIeLVkK8
@taku888infinity
30 Jan 2025
790 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
【注意喚起】(緊急)BIND 9.xの脆弱性(過剰なCPU負荷の誘発)について(CVE-2024-11187) - バージョンアップを強く推奨 - https://t.co/qM2DqtlDZJ
@JPRS_official
30 Jan 2025
3136 Impressions
12 Retweets
27 Likes
4 Bookmarks
0 Replies
2 Quotes