csaf_suse - suse-su-2025:0355-1

Vulnerability from csaf_suse

Published

2025-02-04 12:59

Modified

2025-02-04 12:59

Summary

Security update for bind

Notes

Title of the patch

Security update for bind

Description of the patch

This update for bind fixes the following issues: Update to release 9.18.33 Security Fixes: - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596) - CVE-2024-12705: Fixes multiple issues in DNS-over-HTTPS implementation when under heavy query load (bsc#1236597)

Patchnames

SUSE-2025-355,SUSE-SLE-Module-Basesystem-15-SP6-2025-355,SUSE-SLE-Module-Server-Applications-15-SP6-2025-355,openSUSE-SLE-15.6-2025-355

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "important",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for bind",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "This update for bind fixes the following issues:\n\nUpdate to release 9.18.33\n\nSecurity Fixes:\n\n- CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)\n- CVE-2024-12705: Fixes multiple issues in DNS-over-HTTPS implementation when under heavy query load (bsc#1236597)\n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "SUSE-2025-355,SUSE-SLE-Module-Basesystem-15-SP6-2025-355,SUSE-SLE-Module-Server-Applications-15-SP6-2025-355,openSUSE-SLE-15.6-2025-355",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0355-1.json",
         },
         {
            category: "self",
            summary: "URL for SUSE-SU-2025:0355-1",
            url: "https://www.suse.com/support/update/announcement/2025/suse-su-20250355-1/",
         },
         {
            category: "self",
            summary: "E-Mail link for SUSE-SU-2025:0355-1",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020283.html",
         },
         {
            category: "self",
            summary: "SUSE Bug 1236596",
            url: "https://bugzilla.suse.com/1236596",
         },
         {
            category: "self",
            summary: "SUSE Bug 1236597",
            url: "https://bugzilla.suse.com/1236597",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2024-11187 page",
            url: "https://www.suse.com/security/cve/CVE-2024-11187/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2024-12705 page",
            url: "https://www.suse.com/security/cve/CVE-2024-12705/",
         },
      ],
      title: "Security update for bind",
      tracking: {
         current_release_date: "2025-02-04T12:59:26Z",
         generator: {
            date: "2025-02-04T12:59:26Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "SUSE-SU-2025:0355-1",
         initial_release_date: "2025-02-04T12:59:26Z",
         revision_history: [
            {
               date: "2025-02-04T12:59:26Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "bind-9.18.33-150600.3.6.1.aarch64",
                        product: {
                           name: "bind-9.18.33-150600.3.6.1.aarch64",
                           product_id: "bind-9.18.33-150600.3.6.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "bind-utils-9.18.33-150600.3.6.1.aarch64",
                        product: {
                           name: "bind-utils-9.18.33-150600.3.6.1.aarch64",
                           product_id: "bind-utils-9.18.33-150600.3.6.1.aarch64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "bind-9.18.33-150600.3.6.1.i586",
                        product: {
                           name: "bind-9.18.33-150600.3.6.1.i586",
                           product_id: "bind-9.18.33-150600.3.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "bind-utils-9.18.33-150600.3.6.1.i586",
                        product: {
                           name: "bind-utils-9.18.33-150600.3.6.1.i586",
                           product_id: "bind-utils-9.18.33-150600.3.6.1.i586",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "i586",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "bind-doc-9.18.33-150600.3.6.1.noarch",
                        product: {
                           name: "bind-doc-9.18.33-150600.3.6.1.noarch",
                           product_id: "bind-doc-9.18.33-150600.3.6.1.noarch",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "noarch",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "bind-9.18.33-150600.3.6.1.ppc64le",
                        product: {
                           name: "bind-9.18.33-150600.3.6.1.ppc64le",
                           product_id: "bind-9.18.33-150600.3.6.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "bind-utils-9.18.33-150600.3.6.1.ppc64le",
                        product: {
                           name: "bind-utils-9.18.33-150600.3.6.1.ppc64le",
                           product_id: "bind-utils-9.18.33-150600.3.6.1.ppc64le",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "bind-9.18.33-150600.3.6.1.s390x",
                        product: {
                           name: "bind-9.18.33-150600.3.6.1.s390x",
                           product_id: "bind-9.18.33-150600.3.6.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "bind-utils-9.18.33-150600.3.6.1.s390x",
                        product: {
                           name: "bind-utils-9.18.33-150600.3.6.1.s390x",
                           product_id: "bind-utils-9.18.33-150600.3.6.1.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "bind-9.18.33-150600.3.6.1.x86_64",
                        product: {
                           name: "bind-9.18.33-150600.3.6.1.x86_64",
                           product_id: "bind-9.18.33-150600.3.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "bind-utils-9.18.33-150600.3.6.1.x86_64",
                        product: {
                           name: "bind-utils-9.18.33-150600.3.6.1.x86_64",
                           product_id: "bind-utils-9.18.33-150600.3.6.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Module for Basesystem 15 SP6",
                        product: {
                           name: "SUSE Linux Enterprise Module for Basesystem 15 SP6",
                           product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle-module-basesystem:15:sp6",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Module for Server Applications 15 SP6",
                        product: {
                           name: "SUSE Linux Enterprise Module for Server Applications 15 SP6",
                           product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP6",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle-module-server-applications:15:sp6",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "openSUSE Leap 15.6",
                        product: {
                           name: "openSUSE Leap 15.6",
                           product_id: "openSUSE Leap 15.6",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap:15.6",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.18.33-150600.3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.aarch64",
            },
            product_reference: "bind-utils-9.18.33-150600.3.6.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.18.33-150600.3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
            },
            product_reference: "bind-utils-9.18.33-150600.3.6.1.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.18.33-150600.3.6.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.s390x",
            },
            product_reference: "bind-utils-9.18.33-150600.3.6.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.18.33-150600.3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.x86_64",
            },
            product_reference: "bind-utils-9.18.33-150600.3.6.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.18.33-150600.3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
               product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.aarch64",
            },
            product_reference: "bind-9.18.33-150600.3.6.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.18.33-150600.3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
               product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.ppc64le",
            },
            product_reference: "bind-9.18.33-150600.3.6.1.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.18.33-150600.3.6.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
               product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.s390x",
            },
            product_reference: "bind-9.18.33-150600.3.6.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.18.33-150600.3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
               product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.x86_64",
            },
            product_reference: "bind-9.18.33-150600.3.6.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-doc-9.18.33-150600.3.6.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
               product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.6.1.noarch",
            },
            product_reference: "bind-doc-9.18.33-150600.3.6.1.noarch",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.18.33-150600.3.6.1.aarch64 as component of openSUSE Leap 15.6",
               product_id: "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.aarch64",
            },
            product_reference: "bind-9.18.33-150600.3.6.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.18.33-150600.3.6.1.ppc64le as component of openSUSE Leap 15.6",
               product_id: "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.ppc64le",
            },
            product_reference: "bind-9.18.33-150600.3.6.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.18.33-150600.3.6.1.s390x as component of openSUSE Leap 15.6",
               product_id: "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.s390x",
            },
            product_reference: "bind-9.18.33-150600.3.6.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-9.18.33-150600.3.6.1.x86_64 as component of openSUSE Leap 15.6",
               product_id: "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.x86_64",
            },
            product_reference: "bind-9.18.33-150600.3.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-doc-9.18.33-150600.3.6.1.noarch as component of openSUSE Leap 15.6",
               product_id: "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.6.1.noarch",
            },
            product_reference: "bind-doc-9.18.33-150600.3.6.1.noarch",
            relates_to_product_reference: "openSUSE Leap 15.6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.18.33-150600.3.6.1.aarch64 as component of openSUSE Leap 15.6",
               product_id: "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.aarch64",
            },
            product_reference: "bind-utils-9.18.33-150600.3.6.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.18.33-150600.3.6.1.ppc64le as component of openSUSE Leap 15.6",
               product_id: "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
            },
            product_reference: "bind-utils-9.18.33-150600.3.6.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.18.33-150600.3.6.1.s390x as component of openSUSE Leap 15.6",
               product_id: "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.s390x",
            },
            product_reference: "bind-utils-9.18.33-150600.3.6.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "bind-utils-9.18.33-150600.3.6.1.x86_64 as component of openSUSE Leap 15.6",
               product_id: "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.x86_64",
            },
            product_reference: "bind-utils-9.18.33-150600.3.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.6",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2024-11187",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2024-11187",
            },
         ],
         notes: [
            {
               category: "general",
               text: "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.aarch64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
               "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.s390x",
               "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.x86_64",
               "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.aarch64",
               "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.ppc64le",
               "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.s390x",
               "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.x86_64",
               "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.6.1.noarch",
               "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.aarch64",
               "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.ppc64le",
               "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.s390x",
               "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.x86_64",
               "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.6.1.noarch",
               "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.aarch64",
               "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
               "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.s390x",
               "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2024-11187",
               url: "https://www.suse.com/security/cve/CVE-2024-11187",
            },
            {
               category: "external",
               summary: "SUSE Bug 1236596 for CVE-2024-11187",
               url: "https://bugzilla.suse.com/1236596",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.s390x",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.6.1.noarch",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.aarch64",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.ppc64le",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.s390x",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.x86_64",
                  "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.6.1.noarch",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.aarch64",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.s390x",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.s390x",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.6.1.noarch",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.aarch64",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.ppc64le",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.s390x",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.x86_64",
                  "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.6.1.noarch",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.aarch64",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.s390x",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-02-04T12:59:26Z",
               details: "important",
            },
         ],
         title: "CVE-2024-11187",
      },
      {
         cve: "CVE-2024-12705",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2024-12705",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.aarch64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
               "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.s390x",
               "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.x86_64",
               "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.aarch64",
               "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.ppc64le",
               "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.s390x",
               "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.x86_64",
               "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.6.1.noarch",
               "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.aarch64",
               "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.ppc64le",
               "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.s390x",
               "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.x86_64",
               "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.6.1.noarch",
               "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.aarch64",
               "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
               "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.s390x",
               "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2024-12705",
               url: "https://www.suse.com/security/cve/CVE-2024-12705",
            },
            {
               category: "external",
               summary: "SUSE Bug 1236597 for CVE-2024-12705",
               url: "https://bugzilla.suse.com/1236597",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.s390x",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.6.1.noarch",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.aarch64",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.ppc64le",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.s390x",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.x86_64",
                  "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.6.1.noarch",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.aarch64",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.s390x",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP6:bind-utils-9.18.33-150600.3.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.aarch64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.ppc64le",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.s390x",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-9.18.33-150600.3.6.1.x86_64",
                  "SUSE Linux Enterprise Module for Server Applications 15 SP6:bind-doc-9.18.33-150600.3.6.1.noarch",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.aarch64",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.ppc64le",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.s390x",
                  "openSUSE Leap 15.6:bind-9.18.33-150600.3.6.1.x86_64",
                  "openSUSE Leap 15.6:bind-doc-9.18.33-150600.3.6.1.noarch",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.aarch64",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.ppc64le",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.s390x",
                  "openSUSE Leap 15.6:bind-utils-9.18.33-150600.3.6.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-02-04T12:59:26Z",
               details: "important",
            },
         ],
         title: "CVE-2024-12705",
      },
   ],
}

CVE-2024-11187 (GCVE-0-2024-11187)

Vulnerability from cvelistv5

Published

2025-01-29 21:40

Modified

2025-02-11 19:02

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.

References

▼	URL	Tags
	https://kb.isc.org/docs/cve-2024-11187	vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Version: 9.11.0 < Version: 9.16.0 < Version: 9.18.0 < Version: 9.20.0 < Version: 9.21.0 < Version: 9.11.3-S1 < Version: 9.16.8-S1 < Version: 9.18.11-S1 <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-11187",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-30T15:27:46.174106Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-30T15:27:58.342Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2025-02-11T19:02:32.914Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://security.netapp.com/advisory/ntap-20250207-0002/",
               },
               {
                  url: "https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "BIND 9",
               vendor: "ISC",
               versions: [
                  {
                     lessThanOrEqual: "9.11.37",
                     status: "affected",
                     version: "9.11.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "9.16.50",
                     status: "affected",
                     version: "9.16.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "9.18.32",
                     status: "affected",
                     version: "9.18.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "9.20.4",
                     status: "affected",
                     version: "9.20.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "9.21.3",
                     status: "affected",
                     version: "9.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "9.11.37-S1",
                     status: "affected",
                     version: "9.11.3-S1",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "9.16.50-S1",
                     status: "affected",
                     version: "9.16.8-S1",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "9.18.32-S1",
                     status: "affected",
                     version: "9.18.11-S1",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention.",
            },
         ],
         datePublic: "2025-01-29T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "We are not aware of any active exploits.",
            },
         ],
         impacts: [
            {
               descriptions: [
                  {
                     lang: "en",
                     value: "A `named` instance vulnerable to this issue can be compelled to consume excessive CPU resources up to the point where exhaustion of resources effectively prevents the server from responding to other client queries. This issue is most likely to affect resolvers but could also degrade authoritative server performance.",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-405",
                     description: "CWE-405 Asymmetric Resource Consumption (Amplification)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-29T21:40:11.942Z",
            orgId: "404fd4d2-a609-4245-b543-2c944a302a22",
            shortName: "isc",
         },
         references: [
            {
               name: "CVE-2024-11187",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://kb.isc.org/docs/cve-2024-11187",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.33, 9.20.5, 9.21.4, or 9.18.33-S1.",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "Many records in the additional section cause CPU exhaustion",
         workarounds: [
            {
               lang: "en",
               value: "Setting option `minimal-responses yes;` provides an effective workaround.",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "404fd4d2-a609-4245-b543-2c944a302a22",
      assignerShortName: "isc",
      cveId: "CVE-2024-11187",
      datePublished: "2025-01-29T21:40:11.942Z",
      dateReserved: "2024-11-13T17:20:48.660Z",
      dateUpdated: "2025-02-11T19:02:32.914Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-12705 (GCVE-0-2024-12705)

Vulnerability from cvelistv5

Published

2025-01-29 21:40

Modified

2025-02-07 17:02

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.

References

▼	URL	Tags
	https://kb.isc.org/docs/cve-2024-12705	vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Version: 9.18.0 < Version: 9.20.0 < Version: 9.21.0 < Version: 9.18.11-S1 <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-12705",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-30T15:25:35.856020Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-30T15:27:00.887Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2025-02-07T17:02:44.473Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://security.netapp.com/advisory/ntap-20250207-0003/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "BIND 9",
               vendor: "ISC",
               versions: [
                  {
                     lessThanOrEqual: "9.18.32",
                     status: "affected",
                     version: "9.18.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "9.20.4",
                     status: "affected",
                     version: "9.20.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "9.21.3",
                     status: "affected",
                     version: "9.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "9.18.32-S1",
                     status: "affected",
                     version: "9.18.11-S1",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "ISC would like to thank Jean-François Billaud for bringing this vulnerability to our attention.",
            },
         ],
         datePublic: "2025-01-29T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "We are not aware of any active exploits.",
            },
         ],
         impacts: [
            {
               descriptions: [
                  {
                     lang: "en",
                     value: "By flooding a target resolver with HTTP/2 traffic and exploiting this flaw, an attacker could overwhelm the server, causing high CPU and/or memory usage and preventing other clients from establishing DoH connections. This would significantly impair the resolver's performance and effectively deny legitimate clients access to the DNS resolution service.",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-770",
                     description: "CWE-770 Allocation of Resources Without Limits or Throttling",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-29T21:40:27.839Z",
            orgId: "404fd4d2-a609-4245-b543-2c944a302a22",
            shortName: "isc",
         },
         references: [
            {
               name: "CVE-2024-12705",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://kb.isc.org/docs/cve-2024-12705",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.33, 9.20.5, 9.21.4, or 9.18.33-S1.",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "DNS-over-HTTPS implementation suffers from multiple issues under heavy query load",
         workarounds: [
            {
               lang: "en",
               value: "The issue affects only the DNS-over-HTTPS protocol and does not apply to instances where DoH is not enabled.",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "404fd4d2-a609-4245-b543-2c944a302a22",
      assignerShortName: "isc",
      cveId: "CVE-2024-12705",
      datePublished: "2025-01-29T21:40:27.839Z",
      dateReserved: "2024-12-17T14:25:50.907Z",
      dateUpdated: "2025-02-07T17:02:44.473Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_suse

CVE-2024-11187 (GCVE-0-2024-11187)

Vulnerability from cvelistv5

CVE-2024-12705 (GCVE-0-2024-12705)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature