Excessive CPU Usage for DNSSEC-Validated 'KEY' Resource Records in BIND 9
CVE-2024-1975
7.5HIGH
What is CVE-2024-1975?
A resource exhaustion vulnerability exists in BIND 9 software that can be exploited when a server hosts a zone containing a 'KEY' Resource Record, or when a resolver DNSSEC-validates a 'KEY' Resource Record from a DNSSEC-signed domain cached. Attackers can overwhelm resolver CPU resources with a continuous stream of SIG(0) signed requests, potentially leading to a denial of service condition. This affects multiple versions of BIND 9, including those from the 9.0.0 series to the latest releases.
Affected Version(s)
BIND 9 9.0.0 <= 9.11.37
BIND 9 9.16.0 <= 9.16.50
BIND 9 9.18.0 <= 9.18.27