ISC BIND 9 Zone Query Vulnerability Leading to CPU Exhaustion

Vulnerability

A denial-of-service vulnerability has been identified in ISC BIND 9, specifically in versions 9.11.0 prior to 9.11.37, 9.16.0 prior to 9.16.50, 9.18.0 prior to 9.18.32, 9.20.0 prior to 9.20.4, 9.21.0 prior to 9.21.3, as well as in the BIND Supported Preview Edition versions 9.11.3-S1 prior to 9.11.37-S1, 9.16.8-S1 prior to 9.16.50-S1, and 9.18.11-S1 prior to 9.18.32-S1. The flaw is triggered by zones crafted so that responses carry numerous records in the Additional section. An attacker who sends many queries for such zones causes either the authoritative server or an independent resolver to spend disproportionate CPU time processing them. The result is a significant degradation of server performance, most severe for resolvers, that effectively prevents the server from answering other client queries.

Impact

Exploitation of this vulnerability causes excessive CPU resource consumption, leading to a denial-of-service condition where the server struggles to respond to other client queries. This issue can affect both authoritative servers and resolvers, with the latter likely experiencing the most significant impact.

Remediation

Users can upgrade to BIND versions 9.18.33, 9.20.5, or 9.21.4. For those using BIND Supported Preview Edition, version 9.18.33-S1 is available. NetApp products affected by this vulnerability should consult the specific NetApp advisory for guidance.
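As an added example (not part of this advisory or of ISC's own tooling), the following Python check parses a `named -v` style version string and tests it against the affected ranges and fixed releases listed above; the shape of the `named -v` output is an assumption, and distribution packages that backport the fix are not recognised by version alone.

```python
import re
from typing import Optional, Tuple

# Affected ranges as listed in the advisory: (edition, lower inclusive, upper exclusive).
# Edition "" is a standard release; "S" is the BIND Supported Preview Edition (-S1 suffix).
AFFECTED = [
    ("", (9, 11, 0), (9, 11, 37)),
    ("", (9, 16, 0), (9, 16, 50)),
    ("", (9, 18, 0), (9, 18, 32)),
    ("", (9, 20, 0), (9, 20, 4)),
    ("", (9, 21, 0), (9, 21, 3)),
    ("S", (9, 11, 3), (9, 11, 37)),
    ("S", (9, 16, 8), (9, 16, 50)),
    ("S", (9, 18, 11), (9, 18, 32)),
]

# Fixed releases named in the Remediation section, keyed by edition, lowest first.
FIXED = {"": ["9.18.33", "9.20.5", "9.21.4"], "S": ["9.18.33-S1"]}

# Matches "9.18.30" or "9.18.30-S1"; a distro suffix such as "-0ubuntu..." is ignored.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-(S)\d+)?")

def parse_bind_version(text: str) -> Optional[Tuple[str, Tuple[int, int, int]]]:
    """Return (edition, (major, minor, patch)) from e.g. 'BIND 9.18.30-S1 (...)', or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return (m.group(4) or ""), (int(m.group(1)), int(m.group(2)), int(m.group(3)))

def is_affected(text: str) -> Optional[bool]:
    """True if the version falls in an affected range, False if not, None if unparseable."""
    parsed = parse_bind_version(text)
    if parsed is None:
        return None
    edition, ver = parsed
    return any(ed == edition and lo <= ver < hi for ed, lo, hi in AFFECTED)

def recommended_upgrade(text: str) -> Optional[str]:
    """Fixed release on the same major.minor branch if the advisory lists one,
    otherwise the lowest fixed release for that edition; None when not affected."""
    if not is_affected(text):
        return None
    edition, ver = parse_bind_version(text)
    for candidate in FIXED[edition]:
        if parse_bind_version(candidate)[1][:2] == ver[:2]:
            return candidate
    return FIXED[edition][0]
```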

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 7.3
impact: 2.5
exploitability: 7.4
remediation: 8.3
relevance: 0.0
threat: 0.1
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.