CVE-2024-1737

NameCVE-2024-1737
DescriptionResolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-5734-1, ELA-1168-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)jessie, jessie (lts)1:9.9.5.dfsg-9+deb8u31vulnerable
stretch (security)1:9.10.3.dfsg.P4-12.3+deb9u12vulnerable
stretch (lts), stretch1:9.10.3.dfsg.P4-12.3+deb9u16vulnerable
buster, buster (lts)1:9.11.5.P4+dfsg-5.1+deb10u13fixed
buster (security)1:9.11.5.P4+dfsg-5.1+deb10u11vulnerable
bullseye1:9.16.50-1~deb11u2fixed
bullseye (security)1:9.16.50-1~deb11u1fixed
bookworm (security), bookworm1:9.18.28-1~deb12u2fixed
sid, trixie1:9.20.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9sourcebuster1:9.11.5.P4+dfsg-5.1+deb10u13ELA-1168-1
bind9sourcebullseye1:9.16.50-1~deb11u1DSA-5734-1
bind9sourcebookworm1:9.18.28-1~deb12u1DSA-5734-1
bind9source(unstable)1:9.20.0-1

Notes

https://kb.isc.org/docs/cve-2024-1737
RRset limits in zones: https://kb.isc.org/docs/rrset-limits-in-zones

Search for package or bug name: Reporting problems