Bugzilla – Bug 1228256
VUL-0: CVE-2024-1737: bind: BIND's database will be slow if a very large number of RRs exist at the same name
Last modified: 2024-07-25 14:10:05 UTC
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions: 9.11.0 -> 9.11.37 9.16.0 -> 9.16.50 9.18.0 -> 9.18.27 9.19.0 -> 9.19.24 9.11.4-S1 -> 9.11.37-S1 9.16.8-S1 -> 9.16.50-S1 9.18.11-S1 -> 9.18.27-S1 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1737 https://seclists.org/oss-sec/2024/q3/101 https://kb.isc.org/docs/cve-2024-0760 https://kb.isc.org/docs/cve-2024-4076 https://kb.isc.org/docs/cve-2024-1975 https://kb.isc.org/docs/cve-2024-1737 https://downloads.isc.org/isc/bind9/9.18.28/patches/ http://www.openwall.com/lists/oss-security/2024/07/23/1 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://kb.isc.org/docs/rrset-limits-in-zones https://bugzilla.redhat.com/show_bug.cgi?id=2298893
Created attachment 876221 [details] upstream patch All code streams >= SLE-12-SP4 are affected by this issue.