CVE-2024-33655

2024-05-1000:00:00

ubuntu.com

security

vulnerability

cve

2024

33655

unix

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.3%

JSON

The DNS protocol in RFC 1035 and updates allows remote attackers to cause a
denial of service (resource consumption) by arranging for DNS queries to be
accumulated for seconds, such that responses are later sent in a pulsing
burst (which can be considered traffic amplification in some cases), aka
the “DNSBomb” issue.

Notes

Author	Note
	Priority reason: Upstream Unbound project has rated this as having a low security impact.
mdeslaur	Unbound itself is not vulnerable to the DNSBomb attack, but can be used to participate in one. The commit below adds some new options to make the impact from Unbound significantly lower. Backporting the commit to mantic and lower is intrusive and may introduce regressions.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchunbound< anyUNKNOWN
ubuntu20.04noarchunbound< 1.9.4-2ubuntu1.6UNKNOWN
ubuntu22.04noarchunbound< 1.13.1-1ubuntu5.5UNKNOWN
ubuntu23.10noarchunbound< 1.17.1-2ubuntu0.2UNKNOWN
ubuntu24.04noarchunbound< 1.19.2-1ubuntu3.1UNKNOWN
ubuntu14.04noarchunbound< anyUNKNOWN
ubuntu16.04noarchunbound< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	unbound	< any	UNKNOWN
ubuntu	20.04	noarch	unbound	< 1.9.4-2ubuntu1.6	UNKNOWN
ubuntu	22.04	noarch	unbound	< 1.13.1-1ubuntu5.5	UNKNOWN
ubuntu	23.10	noarch	unbound	< 1.17.1-2ubuntu0.2	UNKNOWN
ubuntu	24.04	noarch	unbound	< 1.19.2-1ubuntu3.1	UNKNOWN
ubuntu	14.04	noarch	unbound	< any	UNKNOWN
ubuntu	16.04	noarch	unbound	< any	UNKNOWN