DoS via Excessive ADDITIONAL Records in ISC BIND 9 (9.1121.3)
CVE-2024-11187 Published on January 29, 2025
Many records in the additional section cause CPU exhaustion
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.
This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.
Vulnerability Analysis
CVE-2024-11187 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
What is an Amplification Vulnerability?
Software that does not appropriately monitor or control resource consumption can lead to adverse system performance. This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system or the network.
CVE-2024-11187 has been classified to as an Amplification vulnerability or weakness.
Products Associated with CVE-2024-11187
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-11187 are published in these products:
Affected Versions
ISC BIND 9:- Version 9.11.0, <= 9.11.37 is affected.
- Version 9.16.0, <= 9.16.50 is affected.
- Version 9.18.0, <= 9.18.32 is affected.
- Version 9.20.0, <= 9.20.4 is affected.
- Version 9.21.0, <= 9.21.3 is affected.
- Version 9.11.3-S1, <= 9.11.37-S1 is affected.
- Version 9.16.8-S1, <= 9.16.50-S1 is affected.
- Version 9.18.11-S1, <= 9.18.32-S1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.