CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-12705 – DNS-over-HTTPS implementation suffers from multiple issues under heavy query load
https://notcve.org/view.php?id=CVE-2024-12705
29 Jan 2025 — Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1. A flaw was found in BIND 9. By flooding a target resolver with HTTP/2 traffic and exploiting this flaw, an attacker could overwhelm the server, causing high CPU and/or memory usage and preventing other clients from establishing D... • https://kb.isc.org/docs/cve-2024-12705 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-11187 – Many records in the additional section cause CPU exhaustion
https://notcve.org/view.php?id=CVE-2024-11187
29 Jan 2025 — It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 ... • https://kb.isc.org/docs/cve-2024-11187 • CWE-400: Uncontrolled Resource Consumption CWE-405: Asymmetric Resource Consumption (Amplification) •