CVE-2024-33655

EPSS 1.73%
Veröffentlicht 06.06.2024 17:15:51
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 18

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellertechnitium

≫

Produkt dns_server

Default Statusunknown

Version <= 1.19.3

Version 0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.73%	0.746

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://alas.aws.amazon.com/ALAS-2024-1934.html

https://datatracker.ietf.org/doc/html/rfc1035

https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de

https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-120

https://gitlab.isc.org/isc-projects/bind9/-/issues/4398

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/

https://meterpreter.org/researchers-uncover-dnsbomb-a-new-pdos-attack-exploiting-legitimate-dns-features/

https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt

https://nlnetlabs.nl/projects/unbound/security-advisories/

https://sp2024.ieee-security.org/accepted-papers.html

https://www.isc.org/blogs/2024-dnsbomb/

https://lists.debian.org/debian-lts-announce/2025/08/msg00019.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/

https://nvd.nist.gov/vuln/detail/CVE-2024-33655

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-33655

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-33655

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-33655