CVE-2024-1975
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-1975 is a vulnerability affecting various versions of BIND 9, including 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1. If a server hosts a zone containing a "KEY" Resource Record or if a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can send a stream of SIG(0) signed requests, leading to CPU resource exhaustion on the resolver. This issue can potentially cause denial-of-service attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- BIND
Affected Vendors
- Internet Systems Consortium