mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
123 lines
4.3 KiB
JSON
123 lines
4.3 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-0760",
|
|
"ASSIGNER": "security-officer@isc.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. \nThis issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "ISC",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "BIND 9",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "9.18.1",
|
|
"version_value": "9.18.27"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "9.19.0",
|
|
"version_value": "9.19.24"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "9.18.11-S1",
|
|
"version_value": "9.18.27-S1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://kb.isc.org/docs/cve-2024-0760",
|
|
"refsource": "MISC",
|
|
"name": "https://kb.isc.org/docs/cve-2024-0760"
|
|
},
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1",
|
|
"refsource": "MISC",
|
|
"name": "http://www.openwall.com/lists/oss-security/2024/07/23/1"
|
|
},
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2024/07/31/2",
|
|
"refsource": "MISC",
|
|
"name": "http://www.openwall.com/lists/oss-security/2024/07/31/2"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"discovery": "INTERNAL"
|
|
},
|
|
"work_around": [
|
|
{
|
|
"lang": "en",
|
|
"value": "No workarounds known."
|
|
}
|
|
],
|
|
"exploit": [
|
|
{
|
|
"lang": "en",
|
|
"value": "This flaw was discovered in internal testing. We are not aware of any active exploits."
|
|
}
|
|
],
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1."
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
}
|
|
]
|
|
}
|
|
} |