CVE-2024-1737

NameCVE-2024-1737
DescriptionResolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-5734-1, ELA-1168-1, ELA-1245-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)jessie, jessie (lts)1:9.9.5.dfsg-9+deb8u31vulnerable
stretch (security)1:9.10.3.dfsg.P4-12.3+deb9u12vulnerable
stretch (lts), stretch1:9.10.3.dfsg.P4-12.3+deb9u17fixed
buster, buster (lts)1:9.11.5.P4+dfsg-5.1+deb10u13fixed
buster (security)1:9.11.5.P4+dfsg-5.1+deb10u11vulnerable
bullseye1:9.16.50-1~deb11u2fixed
bullseye (security)1:9.16.50-1~deb11u1fixed
bookworm (security), bookworm1:9.18.28-1~deb12u2fixed
trixie1:9.20.4-2fixed
sid1:9.20.4-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9sourcestretch1:9.10.3.dfsg.P4-12.3+deb9u17ELA-1245-1
bind9sourcebuster1:9.11.5.P4+dfsg-5.1+deb10u13ELA-1168-1
bind9sourcebullseye1:9.16.50-1~deb11u1DSA-5734-1
bind9sourcebookworm1:9.18.28-1~deb12u1DSA-5734-1
bind9source(unstable)1:9.20.0-1

Notes

https://kb.isc.org/docs/cve-2024-1737
RRset limits in zones: https://kb.isc.org/docs/rrset-limits-in-zones
[jessie] - bind9 <ignored> (Too intrusive to backport)

Search for package or bug name: Reporting problems