Skip to main content
Version: latest

CVE-2024-1975

CVE Details

CVE-2024-1975

Last Update

9/5/24

NIST CVE Summary

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.

Our Official Summary

This vulnerability can be exploited by a client only if a server hosts a zone containing a “KEY” Resource Record, or a resolver DNSSEC-validates a “KEY” Resource Record from a DNSSEC-signed domain in cache. In order to exploit this vulenerability, image in which this cve is reported has to be compromised and hacker has to gain privileged access. There are sufficient controls in place to consider the probability of occurence as low. There is a fix available upstream and we are investigating upgrading to the fixed version.

CVE Severity

7.5

Status

Ongoing

Affected Products & Versions

  • Palette VerteX 4.4.14, 4.4.18
  • Palette Enterprise 4.4.18

Revision History

  • 1.0 08/16/2024 Initial Publication
  • 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
  • 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products