Lucene search

Veracode Vulnerability DatabaseVERACODE:46849

HistoryMay 12, 2024 - 8:51 a.m.

Denial Of Service(DoS)

2024-05-1208:51:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

dns queries

resource consumption

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

Low

JSON

unbound is vulnerable to Denial of Service(DoS). The vulnerability is due to DNS queries being accumulated and responses being sent in pulsing bursts, which can cause resource consumption and traffic amplification.

References

alas.aws.amazon.com/ALAS-2024-1934.html

datatracker.ietf.org/doc/html/rfc1035

github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de

github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-120

gitlab.isc.org/isc-projects/bind9/-/issues/4398

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/

meterpreter.org/researchers-uncover-dnsbomb-a-new-pdos-attack-exploiting-legitimate-dns-features/

nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt

nlnetlabs.nl/projects/unbound/security-advisories/

security-tracker.debian.org/tracker/CVE-2024-33655

sp2024.ieee-security.org/accepted-papers.html

www.isc.org/blogs/2024-dnsbomb/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

Low

JSON

Related for VERACODE:46849