Unbound Version 1.21.0-1.21.1 Vulnerability: Large RRset Name Compression Attack
CVE-2024-8508

5.3MEDIUM

Key Information:

Vendor: Nlnet Labs
Status: Unbound
Vendor: CVE Published:; 3 October 2024

What is CVE-2024-8508?

The vulnerability in NLnet Labs Unbound arises from its processing of replies containing very large resource record sets (RRsets), which necessitate name compression. This flaw allows malicious actors to send specially crafted DNS responses that prompt Unbound to perform extensive name compression operations. As a result, the server may experience prolonged CPU utilization, leading to degraded performance and potential denial of service during targeted attacks. The issue is effectively mitigated in Unbound version 1.21.1, where a hard cap has been established on the number of name compression calculations conducted per packet. This solution protects the server from locking the CPU for excessive periods while still permitting normal DNS traffic handling.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Unbound 0 <= 1.21.0

References

https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2024

Credit

Toshifumi Sakaguchi

JSON

Nlnet Labs

What is CVE-2024-8508?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.