CVE-2024-11187 - Vulnerability Details

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Openshift Openshift Ai Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
bind-32:9.8.2-0.68.rc1.el6_10.15	cpe:/o:redhat:rhel_els:6	RHSA-2025:1685	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
bind-32:9.11.4-9.P2.el7_7.8	cpe:/o:redhat:rhel_aus:7.7	RHSA-2025:1674	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Support
bind-32:9.11.4-26.P2.el7_9.18	cpe:/o:redhat:rhel_els:7	RHSA-2025:1718	2025-02-20T00:00:00Z
Red Hat Enterprise Linux 8
bind-32:9.11.36-16.el8_10.4	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1675	2025-02-19T00:00:00Z
bind9.16-32:9.16.23-0.22.el8_10.2	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1676	2025-02-19T00:00:00Z
bind-32:9.11.36-16.el8_10.4	cpe:/o:redhat:enterprise_linux:8	RHSA-2025:1675	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
bind-32:9.11.13-6.el8_2.10	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:1687	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
bind-32:9.11.26-4.el8_4.7	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:1691	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
bind-32:9.11.26-4.el8_4.7	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:1691	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
bind-32:9.11.26-4.el8_4.7	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:1691	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
bind9.16-32:9.16.23-0.7.el8_6.8	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:1679	2025-02-19T00:00:00Z
bind-32:9.11.36-3.el8_6.10	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:1684	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
bind9.16-32:9.16.23-0.7.el8_6.8	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:1679	2025-02-19T00:00:00Z
bind-32:9.11.36-3.el8_6.10	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:1684	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
bind9.16-32:9.16.23-0.7.el8_6.8	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:1679	2025-02-19T00:00:00Z
bind-32:9.11.36-3.el8_6.10	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:1684	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
bind-32:9.11.36-8.el8_8.7	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:1666	2025-02-19T00:00:00Z
bind9.16-32:9.16.23-0.14.el8_8.6	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:1678	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 9
bind9.18-32:9.18.29-1.el9_5.1	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1670	2025-02-19T00:00:00Z
bind-32:9.16.23-24.el9_5.3	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1681	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
bind-32:9.16.23-1.el9_0.10	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:1664	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
bind-32:9.16.23-11.el9_2.8	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:1665	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
bind-32:9.16.23-18.el9_4.9	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:1669	2025-02-19T00:00:00Z
Red Hat OpenShift Container Platform 4.12
rhcos-412.86.202503052321-0	cpe:/a:redhat:openshift:4.12::el8	RHSA-2025:2441	2025-03-13T00:00:00Z
Red Hat OpenShift Container Platform 4.14
rhcos-414.92.202503100617-0	cpe:/a:redhat:openshift:4.14::el9	RHSA-2025:2710	2025-03-19T00:00:00Z
Red Hat OpenShift Container Platform 4.15
rhcos-415.92.202503060749-0	cpe:/a:redhat:openshift:4.15::el9	RHSA-2025:2454	2025-03-13T00:00:00Z
Red Hat OpenShift Container Platform 4.16
rhcos-416.94.202502260030-0	cpe:/a:redhat:openshift:4.16::el9	RHSA-2025:1907	2025-03-05T00:00:00Z
Red Hat OpenShift Container Platform 4.17
rhcos-417.94.202502251300-0	cpe:/a:redhat:openshift:4.17::el9	RHSA-2025:1912	2025-03-05T00:00:00Z
Red Hat OpenShift Container Platform 4.18
rhcos-418.94.202504080525-0	cpe:/a:redhat:openshift:4.18::el9	RHSA-2025:3775	2025-04-16T00:00:00Z
Red Hat OpenShift AI 2.18
registry.redhat.io/rhoai/odh-training-operator-rhel8:sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e	cpe:/a:redhat:openshift_ai:2.18::el8	RHSA-2025:2588	2025-03-10T00:00:00Z

References

Link	Providers
https://kb.isc.org/docs/cve-2024-11187
https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html
https://nvd.nist.gov/vuln/detail/CVE-2024-11187
https://security.netapp.com/advisory/ntap-20250207-0002/
https://www.cve.org/CVERecord?id=CVE-2024-11187

History

Wed, 16 Apr 2025 15:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.18::el9

Thu, 20 Mar 2025 07:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.14::el9

Fri, 14 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.12::el8

Thu, 13 Mar 2025 15:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.15::el9

Wed, 12 Mar 2025 07:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Ai
CPEs		cpe:/a:redhat:openshift_ai:2.18::el8
Vendors & Products		Redhat openshift Ai

Wed, 05 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift
CPEs		cpe:/a:redhat:openshift:4.16::el9 cpe:/a:redhat:openshift:4.17::el9
Vendors & Products		Redhat openshift

Fri, 21 Feb 2025 03:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_els:7

Thu, 20 Feb 2025 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux Redhat rhel Aus Redhat rhel Els Redhat rhel Tus
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:rhel_aus:7.7 cpe:/o:redhat:rhel_els:6
Vendors & Products		Redhat enterprise Linux Redhat rhel Aus Redhat rhel Els Redhat rhel Tus

Wed, 19 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat rhel E4s Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.4
Vendors & Products		Redhat Redhat rhel E4s Redhat rhel Eus

Tue, 11 Feb 2025 19:45:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html

Fri, 07 Feb 2025 17:45:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20250207-0002/

Thu, 30 Jan 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 30 Jan 2025 01:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400
References		https://nvd.nist.gov/vuln/detail/CVE-2024-11187 https://www.cve.org/CVERecord?id=CVE-2024-11187
Metrics	threat_severity `None`	threat_severity `Important`

Wed, 29 Jan 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description		It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.
Title		Many records in the additional section cause CPU exhaustion
Weaknesses		CWE-405
References		https://kb.isc.org/docs/cve-2024-11187
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: isc

Published: 2025-01-29T21:40:11.942Z

Updated: 2025-02-11T19:02:32.914Z

Reserved: 2024-11-13T17:20:48.660Z

Link: CVE-2024-11187

Vulnrichment

Updated: 2025-02-11T19:02:32.914Z

NVD

Status : Awaiting Analysis

Published: 2025-01-29T22:15:28.637

Modified: 2025-02-11T19:15:12.640

Link: CVE-2024-11187

Redhat

Severity : Important

Publid Date: 2025-01-29T00:00:00Z

Links: CVE-2024-11187 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11187", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "state": "PUBLISHED", "assignerShortName": "isc", "dateReserved": "2024-11-13T17:20:48.660Z", "datePublished": "2025-01-29T21:40:11.942Z", "dateUpdated": "2025-02-11T19:02:32.914Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2025-01-29T21:40:11.942Z"}, "title": "Many records in the additional section cause CPU exhaustion", "datePublic": "2025-01-29T00:00:00.000Z", "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"version": "9.11.0", "lessThanOrEqual": "9.11.37", "status": "affected", "versionType": "custom"}, {"version": "9.16.0", "lessThanOrEqual": "9.16.50", "status": "affected", "versionType": "custom"}, {"version": "9.18.0", "lessThanOrEqual": "9.18.32", "status": "affected", "versionType": "custom"}, {"version": "9.20.0", "lessThanOrEqual": "9.20.4", "status": "affected", "versionType": "custom"}, {"version": "9.21.0", "lessThanOrEqual": "9.21.3", "status": "affected", "versionType": "custom"}, {"version": "9.11.3-S1", "lessThanOrEqual": "9.11.37-S1", "status": "affected", "versionType": "custom"}, {"version": "9.16.8-S1", "lessThanOrEqual": "9.16.50-S1", "status": "affected", "versionType": "custom"}, {"version": "9.18.11-S1", "lessThanOrEqual": "9.18.32-S1", "status": "affected", "versionType": "custom"}], "defaultStatus": "unaffected"}], "metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)"}]}], "descriptions": [{"lang": "en", "value": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1."}], "impacts": [{"descriptions": [{"lang": "en", "value": "A `named` instance vulnerable to this issue can be compelled to consume excessive CPU resources up to the point where exhaustion of resources effectively prevents the server from responding to other client queries. This issue is most likely to affect resolvers but could also degrade authoritative server performance."}]}], "workarounds": [{"lang": "en", "value": "Setting option `minimal-responses yes;` provides an effective workaround."}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.33, 9.20.5, 9.21.4, or 9.18.33-S1."}], "credits": [{"lang": "en", "value": "ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention."}], "references": [{"url": "https://kb.isc.org/docs/cve-2024-11187", "name": "CVE-2024-11187", "tags": ["vendor-advisory"]}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-30T15:27:46.174106Z", "id": "CVE-2024-11187", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-30T15:27:58.342Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250207-0002/"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-02-11T19:02:32.914Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250207-0002/"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-02-11T19:02:32.914Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11187", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-30T15:27:46.174106Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-30T15:27:15.557Z"}}], "cna": {"title": "Many records in the additional section cause CPU exhaustion", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention."}], "impacts": [{"descriptions": [{"lang": "en", "value": "A `named` instance vulnerable to this issue can be compelled to consume excessive CPU resources up to the point where exhaustion of resources effectively prevents the server from responding to other client queries. This issue is most likely to affect resolvers but could also degrade authoritative server performance."}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"status": "affected", "version": "9.11.0", "versionType": "custom", "lessThanOrEqual": "9.11.37"}, {"status": "affected", "version": "9.16.0", "versionType": "custom", "lessThanOrEqual": "9.16.50"}, {"status": "affected", "version": "9.18.0", "versionType": "custom", "lessThanOrEqual": "9.18.32"}, {"status": "affected", "version": "9.20.0", "versionType": "custom", "lessThanOrEqual": "9.20.4"}, {"status": "affected", "version": "9.21.0", "versionType": "custom", "lessThanOrEqual": "9.21.3"}, {"status": "affected", "version": "9.11.3-S1", "versionType": "custom", "lessThanOrEqual": "9.11.37-S1"}, {"status": "affected", "version": "9.16.8-S1", "versionType": "custom", "lessThanOrEqual": "9.16.50-S1"}, {"status": "affected", "version": "9.18.11-S1", "versionType": "custom", "lessThanOrEqual": "9.18.32-S1"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.33, 9.20.5, 9.21.4, or 9.18.33-S1."}], "datePublic": "2025-01-29T00:00:00.000Z", "references": [{"url": "https://kb.isc.org/docs/cve-2024-11187", "name": "CVE-2024-11187", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Setting option `minimal-responses yes;` provides an effective workaround."}], "descriptions": [{"lang": "en", "value": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)"}]}], "providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2025-01-29T21:40:11.942Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11187", "state": "PUBLISHED", "dateUpdated": "2025-02-11T19:02:32.914Z", "dateReserved": "2024-11-13T17:20:48.660Z", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "datePublished": "2025-01-29T21:40:11.942Z", "assignerShortName": "isc"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1."}, {"lang": "es", "value": "Es posible construir una zona de manera que algunas consultas generen respuestas que contengan numerosos registros en la secci\u00f3n Adicional. Un atacante que env\u00ede muchas consultas de este tipo puede provocar que el servidor autorizado o un solucionador independiente utilicen recursos desproporcionados para procesar las consultas. Por lo general, ser\u00e1 necesario que las zonas hayan sido deliberadamente manipulado para atacar esta exposici\u00f3n. Este problema afecta a las versiones de BIND 9 9.11.0 a 9.11.37, 9.16.0 a 9.16.50, 9.18.0 a 9.18.32, 9.20.0 a 9.20.4, 9.21.0 a 9.21.3, 9.11.3-S1 a 9.11.37-S1, 9.16.8-S1 a 9.16.50-S1 y 9.18.11-S1 a 9.18.32-S1."}], "id": "CVE-2024-11187", "lastModified": "2025-02-11T19:15:12.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}]}, "published": "2025-01-29T22:15:28.637", "references": [{"source": "security-officer@isc.org", "url": "https://kb.isc.org/docs/cve-2024-11187"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20250207-0002/"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-405"}], "source": "security-officer@isc.org", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Toshifumi Sakaguchi for reporting this issue.", "affected_release": [{"advisory": "RHSA-2025:1685", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "bind-32:9.8.2-0.68.rc1.el6_10.15", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1674", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "bind-32:9.11.4-9.P2.el7_7.8", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1718", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "bind-32:9.11.4-26.P2.el7_9.18", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-02-20T00:00:00Z"}, {"advisory": "RHSA-2025:1675", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "bind-32:9.11.36-16.el8_10.4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1676", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "bind9.16-32:9.16.23-0.22.el8_10.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1675", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "bind-32:9.11.36-16.el8_10.4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1687", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "bind-32:9.11.13-6.el8_2.10", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1691", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "bind-32:9.11.26-4.el8_4.7", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1691", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "bind-32:9.11.26-4.el8_4.7", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1691", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "bind-32:9.11.26-4.el8_4.7", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1679", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "bind9.16-32:9.16.23-0.7.el8_6.8", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1684", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "bind-32:9.11.36-3.el8_6.10", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1679", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "bind9.16-32:9.16.23-0.7.el8_6.8", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1684", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "bind-32:9.11.36-3.el8_6.10", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1679", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "bind9.16-32:9.16.23-0.7.el8_6.8", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1684", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "bind-32:9.11.36-3.el8_6.10", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1666", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "bind-32:9.11.36-8.el8_8.7", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1678", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "bind9.16-32:9.16.23-0.14.el8_8.6", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1670", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "bind9.18-32:9.18.29-1.el9_5.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1681", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "bind-32:9.16.23-24.el9_5.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1664", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "bind-32:9.16.23-1.el9_0.10", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1665", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "bind-32:9.16.23-11.el9_2.8", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1669", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "bind-32:9.16.23-18.el9_4.9", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:2441", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "rhcos-412.86.202503052321-0", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:2710", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "rhcos-414.92.202503100617-0", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2025-03-19T00:00:00Z"}, {"advisory": "RHSA-2025:2454", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "rhcos-415.92.202503060749-0", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:1907", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "rhcos-416.94.202502260030-0", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2025-03-05T00:00:00Z"}, {"advisory": "RHSA-2025:1912", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "rhcos-417.94.202502251300-0", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2025-03-05T00:00:00Z"}, {"advisory": "RHSA-2025:3775", "cpe": "cpe:/a:redhat:openshift:4.18::el9", "package": "rhcos-418.94.202504080525-0", "product_name": "Red Hat OpenShift Container Platform 4.18", "release_date": "2025-04-16T00:00:00Z"}, {"advisory": "RHSA-2025:2588", "cpe": "cpe:/a:redhat:openshift_ai:2.18::el8", "package": "registry.redhat.io/rhoai/odh-training-operator-rhel8:sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e", "product_name": "Red Hat OpenShift AI 2.18", "release_date": "2025-03-10T00:00:00Z"}], "bugzilla": {"description": "bind: bind9: Many records in the additional section cause CPU exhaustion", "id": "2342879", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342879"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an uncontrolled CPU resource scenario, ultimately resulting in the server not being able to attend new requests and causing a denial of service as a consequence."], "mitigation": {"lang": "en:us", "value": "Users can set the option `minimal-responses yes;`in the configuration file located at `/etc/named.conf`to mitigate this vulnerability."}, "name": "CVE-2024-11187", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dhcp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-11187\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-11187"], "statement": "The bind package as shipped by Red Hat does not by default set the option `minimal-responses yes;` in the configuration file.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object