Bug 1228256 (CVE-2024-1737)

Summary: VUL-0: CVE-2024-1737: bind: BIND's database will be slow if a very large number of RRs exist at the same name
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Jorik Cronenberg <jorik.cronenberg>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P2 - High CC: abergmann
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/414980/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-1737:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: upstream patch

Description SMASH SMASH 2024-07-24 06:21:36 UTC 
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.

This issue affects BIND 9 versions:
9.11.0 -> 9.11.37 
9.16.0 -> 9.16.50 
9.18.0 -> 9.18.27 
9.19.0 -> 9.19.24
9.11.4-S1 -> 9.11.37-S1 
9.16.8-S1 -> 9.16.50-S1 
9.18.11-S1 -> 9.18.27-S1

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1737
https://seclists.org/oss-sec/2024/q3/101
https://kb.isc.org/docs/cve-2024-0760
https://kb.isc.org/docs/cve-2024-4076
https://kb.isc.org/docs/cve-2024-1975
https://kb.isc.org/docs/cve-2024-1737
https://downloads.isc.org/isc/bind9/9.18.28/patches/
http://www.openwall.com/lists/oss-security/2024/07/23/1
https://www.cve.org/CVERecord?id=CVE-2024-1737
https://kb.isc.org/docs/rrset-limits-in-zones
https://bugzilla.redhat.com/show_bug.cgi?id=2298893
Comment 1 Alexander Bergmann 2024-07-24 07:10:31 UTC 
Created attachment 876221 [details]
upstream patch

All code streams >= SLE-12-SP4 are affected by this issue.