{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11187", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "state": "PUBLISHED", "assignerShortName": "isc", "dateReserved": "2024-11-13T17:20:48.660Z", "datePublished": "2025-01-29T21:40:11.942Z", "dateUpdated": "2025-02-11T19:02:32.914Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2025-01-29T21:40:11.942Z"}, "title": "Many records in the additional section cause CPU exhaustion", "datePublic": "2025-01-29T00:00:00.000Z", "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"version": "9.11.0", "lessThanOrEqual": "9.11.37", "status": "affected", "versionType": "custom"}, {"version": "9.16.0", "lessThanOrEqual": "9.16.50", "status": "affected", "versionType": "custom"}, {"version": "9.18.0", "lessThanOrEqual": "9.18.32", "status": "affected", "versionType": "custom"}, {"version": "9.20.0", "lessThanOrEqual": "9.20.4", "status": "affected", "versionType": "custom"}, {"version": "9.21.0", "lessThanOrEqual": "9.21.3", "status": "affected", "versionType": "custom"}, {"version": "9.11.3-S1", "lessThanOrEqual": "9.11.37-S1", "status": "affected", "versionType": "custom"}, {"version": "9.16.8-S1", "lessThanOrEqual": "9.16.50-S1", "status": "affected", "versionType": "custom"}, {"version": "9.18.11-S1", "lessThanOrEqual": "9.18.32-S1", "status": "affected", "versionType": "custom"}], "defaultStatus": "unaffected"}], "metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)"}]}], "descriptions": [{"lang": "en", "value": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1."}], "impacts": [{"descriptions": [{"lang": "en", "value": "A `named` instance vulnerable to this issue can be compelled to consume excessive CPU resources up to the point where exhaustion of resources effectively prevents the server from responding to other client queries. This issue is most likely to affect resolvers but could also degrade authoritative server performance."}]}], "workarounds": [{"lang": "en", "value": "Setting option `minimal-responses yes;` provides an effective workaround."}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.33, 9.20.5, 9.21.4, or 9.18.33-S1."}], "credits": [{"lang": "en", "value": "ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention."}], "references": [{"url": "https://kb.isc.org/docs/cve-2024-11187", "name": "CVE-2024-11187", "tags": ["vendor-advisory"]}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-30T15:27:46.174106Z", "id": "CVE-2024-11187", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-30T15:27:58.342Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250207-0002/"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-02-11T19:02:32.914Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250207-0002/"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-02-11T19:02:32.914Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11187", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-30T15:27:46.174106Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-30T15:27:15.557Z"}}], "cna": {"title": "Many records in the additional section cause CPU exhaustion", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention."}], "impacts": [{"descriptions": [{"lang": "en", "value": "A `named` instance vulnerable to this issue can be compelled to consume excessive CPU resources up to the point where exhaustion of resources effectively prevents the server from responding to other client queries. This issue is most likely to affect resolvers but could also degrade authoritative server performance."}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"status": "affected", "version": "9.11.0", "versionType": "custom", "lessThanOrEqual": "9.11.37"}, {"status": "affected", "version": "9.16.0", "versionType": "custom", "lessThanOrEqual": "9.16.50"}, {"status": "affected", "version": "9.18.0", "versionType": "custom", "lessThanOrEqual": "9.18.32"}, {"status": "affected", "version": "9.20.0", "versionType": "custom", "lessThanOrEqual": "9.20.4"}, {"status": "affected", "version": "9.21.0", "versionType": "custom", "lessThanOrEqual": "9.21.3"}, {"status": "affected", "version": "9.11.3-S1", "versionType": "custom", "lessThanOrEqual": "9.11.37-S1"}, {"status": "affected", "version": "9.16.8-S1", "versionType": "custom", "lessThanOrEqual": "9.16.50-S1"}, {"status": "affected", "version": "9.18.11-S1", "versionType": "custom", "lessThanOrEqual": "9.18.32-S1"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.33, 9.20.5, 9.21.4, or 9.18.33-S1."}], "datePublic": "2025-01-29T00:00:00.000Z", "references": [{"url": "https://kb.isc.org/docs/cve-2024-11187", "name": "CVE-2024-11187", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Setting option `minimal-responses yes;` provides an effective workaround."}], "descriptions": [{"lang": "en", "value": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)"}]}], "providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2025-01-29T21:40:11.942Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11187", "state": "PUBLISHED", "dateUpdated": "2025-02-11T19:02:32.914Z", "dateReserved": "2024-11-13T17:20:48.660Z", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "datePublished": "2025-01-29T21:40:11.942Z", "assignerShortName": "isc"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1."}, {"lang": "es", "value": "Es posible construir una zona de manera que algunas consultas generen respuestas que contengan numerosos registros en la secci\u00f3n Adicional. Un atacante que env\u00ede muchas consultas de este tipo puede provocar que el servidor autorizado o un solucionador independiente utilicen recursos desproporcionados para procesar las consultas. Por lo general, ser\u00e1 necesario que las zonas hayan sido deliberadamente manipulado para atacar esta exposici\u00f3n. Este problema afecta a las versiones de BIND 9 9.11.0 a 9.11.37, 9.16.0 a 9.16.50, 9.18.0 a 9.18.32, 9.20.0 a 9.20.4, 9.21.0 a 9.21.3, 9.11.3-S1 a 9.11.37-S1, 9.16.8-S1 a 9.16.50-S1 y 9.18.11-S1 a 9.18.32-S1."}], "id": "CVE-2024-11187", "lastModified": "2025-02-11T19:15:12.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}]}, "published": "2025-01-29T22:15:28.637", "references": [{"source": "security-officer@isc.org", "url": "https://kb.isc.org/docs/cve-2024-11187"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20250207-0002/"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-405"}], "source": "security-officer@isc.org", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Toshifumi Sakaguchi for reporting this issue.", "affected_release": [{"advisory": "RHSA-2025:1685", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "bind-32:9.8.2-0.68.rc1.el6_10.15", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1674", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "bind-32:9.11.4-9.P2.el7_7.8", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1718", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "bind-32:9.11.4-26.P2.el7_9.18", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-02-20T00:00:00Z"}, {"advisory": "RHSA-2025:1675", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "bind-32:9.11.36-16.el8_10.4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1676", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "bind9.16-32:9.16.23-0.22.el8_10.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1675", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "bind-32:9.11.36-16.el8_10.4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1687", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "bind-32:9.11.13-6.el8_2.10", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1691", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "bind-32:9.11.26-4.el8_4.7", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1691", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "bind-32:9.11.26-4.el8_4.7", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1691", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "bind-32:9.11.26-4.el8_4.7", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1679", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "bind9.16-32:9.16.23-0.7.el8_6.8", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1684", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "bind-32:9.11.36-3.el8_6.10", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1679", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "bind9.16-32:9.16.23-0.7.el8_6.8", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1684", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "bind-32:9.11.36-3.el8_6.10", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1679", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "bind9.16-32:9.16.23-0.7.el8_6.8", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1684", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "bind-32:9.11.36-3.el8_6.10", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1666", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "bind-32:9.11.36-8.el8_8.7", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1678", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "bind9.16-32:9.16.23-0.14.el8_8.6", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1670", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "bind9.18-32:9.18.29-1.el9_5.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1681", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "bind-32:9.16.23-24.el9_5.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1664", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "bind-32:9.16.23-1.el9_0.10", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1665", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "bind-32:9.16.23-11.el9_2.8", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1669", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "bind-32:9.16.23-18.el9_4.9", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-02-19T00:00:00Z"}], "bugzilla": {"description": "bind: bind9: Many records in the additional section cause CPU exhaustion", "id": "2342879", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342879"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an uncontrolled CPU resource scenario, ultimately resulting in the server not being able to attend new requests and causing a denial of service as a consequence."], "mitigation": {"lang": "en:us", "value": "Users can set the option `minimal-responses yes;`in the configuration file located at `/etc/named.conf`to mitigate this vulnerability."}, "name": "CVE-2024-11187", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "dhcp", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-01-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-11187\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-11187"], "statement": "The bind package as shipped by Red Hat does not by default set the option `minimal-responses yes;` in the configuration file.", "threat_severity": "Important"}