CVE-2024-12705

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 29, 2025

Updated: Feb 7, 2025

CWE ID 770

Summary

CVE-2024-12705 is a vulnerability affecting various versions of BIND 9, including 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1. Malicious clients utilizing DNS-over-HTTPS (DoH) can cause the DNS resolver's CPU and memory to exhaust through deliberate flooding of HTTP/2 traffic, be it valid or invalid. This issue poses a significant threat as DoH is designed to enhance privacy and security by encrypting DNS queries, potentially allowing unintended consequences if exploited.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

BIND

Affected Vendors

Internet Systems Consortium

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/1sFHrY
https://www.cve.org/CVERecord?id=CVE-2024-12705
https://nvd.nist.gov/vuln/detail/CVE-2024-12705

Back to Vulnerability Database