mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
68 lines
2.6 KiB
JSON
68 lines
2.6 KiB
JSON
{
|
|
"id": "CVE-2024-1975",
|
|
"sourceIdentifier": "security-officer@isc.org",
|
|
"published": "2024-07-23T15:15:03.943",
|
|
"lastModified": "2024-08-01T13:46:16.177",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "If a server hosts a zone containing a \"KEY\" Resource Record, or a resolver DNSSEC-validates a \"KEY\" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.\nThis issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Si un servidor aloja una zona que contiene un registro de recursos \"KEY\", o un solucionador DNSSEC valida un registro de recursos \"KEY\" de un dominio firmado por DNSSEC en cach\u00e9, un cliente puede agotar los recursos de la CPU del solucionador enviando una secuencia de solicitudes firmadas SIG(0). Este problema afecta a las versiones de BIND 9 9.0.0 a 9.11.37, 9.16.0 a 9.16.50, 9.18.0 a 9.18.27, 9.19.0 a 9.19.24, 9.9.3-S1 a 9.11.37-S1, 9.16.8-S1 a 9.16.49-S1 y 9.18.11-S1 a 9.18.27-S1."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "security-officer@isc.org",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-770"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1",
|
|
"source": "security-officer@isc.org"
|
|
},
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2024/07/31/2",
|
|
"source": "security-officer@isc.org"
|
|
},
|
|
{
|
|
"url": "https://kb.isc.org/docs/cve-2024-1975",
|
|
"source": "security-officer@isc.org"
|
|
}
|
|
]
|
|
} |