First published: Mon Feb 12 2024(Updated: )
ISC BIND is vulnerable to a denial of service, caused by an error when preparing an NSEC3 closest encloser proof. By flooding the target resolver with queries, a remote attacker could exploit this vulnerability to cause CPU exhaustion on a DNSSEC-validating resolver.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM QRadar SIEM | <=7.5 - 7.5.0 UP8 IF01 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2012 | ||
Microsoft Windows Server 2012 R2 | ||
Microsoft Windows Server 2012 | ||
Microsoft Windows Server 2019 | ||
Microsoft Windows Server 2022 | ||
Microsoft Windows Server 2019 | ||
Microsoft Windows Server 2012 R2 | ||
Microsoft Windows Server 2022 | ||
Microsoft Windows Server 2022, 23H2 Edition | ||
F5 BIG-IP | >=17.1.0<=17.1.1 | 17.1.2 |
F5 BIG-IP | >=16.1.0<=16.1.5 | |
F5 BIG-IP | >=15.1.0<=15.1.10 | |
debian/bind9 | 1:9.16.50-1~deb11u2 1:9.16.50-1~deb11u1 1:9.18.28-1~deb12u2 1:9.20.4-2 1:9.20.4-3 | |
debian/dnsjava | <=2.1.8-2 | |
debian/dnsmasq | <=2.85-1<=2.89-1 | 2.85-1+deb11u1 2.90-7 |
debian/knot-resolver | <=5.3.1-1+deb11u1 | 5.6.0-1+deb12u1 5.7.4-2 |
debian/pdns-recursor | <=4.4.2-3 | 4.8.8-1 5.1.3-1 |
debian/systemd | <=247.3-7+deb11u5 | 247.3-7+deb11u6 252.31-1~deb12u1 257-2 257.1-3 |
debian/unbound | 1.13.1-1+deb11u2 1.13.1-1+deb11u4 1.17.1-2+deb12u2 1.22.0-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.