Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.
The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary’s influence is “asymmetric.”
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | RedHat | bind-32:9.18.33-4.el10_0.2 | * |
| Red Hat Enterprise Linux 10 | RedHat | bind-32:9.18.33-10.el10_1.2 | * |
| Red Hat Enterprise Linux 9 | RedHat | bind9.18-32:9.18.29-4.el9_6.2 | * |
| Red Hat Enterprise Linux 9 | RedHat | bind9.18-32:9.18.29-5.el9_7.2 | * |
| Bind9 | Ubuntu | devel | * |
| Bind9 | Ubuntu | esm-infra/bionic | * |
| Bind9 | Ubuntu | esm-infra/focal | * |
| Bind9 | Ubuntu | jammy | * |
| Bind9 | Ubuntu | noble | * |
| Bind9 | Ubuntu | plucky | * |
| Bind9 | Ubuntu | questing | * |
| Bind9 | Ubuntu | upstream | * |