Home > Vulnerability Database > CVE-2024-11187

Mend.io Vulnerability Database

CVE-2024-11187

Good to know:

Date: January 29, 2025

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.

Severity Score

7.5

Related Resources (5)

Url: https://kb.isc.org/docs/cve-2024-11187

Url: https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html

Url: https://security.netapp.com/advisory/ntap-20250207-0002/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-11187

Url: https://www.mend.io/vulnerability-database/CVE-2024-11187

Severity Score

7.5

Weakness Type (CWE)

Asymmetric Resource Consumption (Amplification)

CWE-405

Top Fix

Upgrade Version

Upgrade to version bind - no_fix

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-11187

Good to know:

Date: January 29, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?