PT-2025-1930 · ISC · BIND 9

Published: 2024-01-29 · Updated: 2025-07-10 · CVE-2024-12705

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

BIND 9 versions 9.18.0 through 9.18.32
BIND 9 versions 9.20.0 through 9.20.4
BIND 9 versions 9.21.0 through 9.21.3
BIND 9 versions 9.18.11-S1 through 9.18.32-S1

Description

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic.

Recommendations

BIND 9 versions 9.18.0 through 9.18.32 should update to a version outside of the affected range.
BIND 9 versions 9.20.0 through 9.20.4 should update to a version outside of the affected range.
BIND 9 versions 9.21.0 through 9.21.3 should update to a version outside of the affected range.
BIND 9 versions 9.18.11-S1 through 9.18.32-S1 should update to a version outside of the affected range.

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALSA-2025:1670
ALT-PU-2025-2222
ALT-PU-2025-2272
AZL-56105
BDU:2025-07734
CVE-2024-12705
DSA-5854-1
INFSA-2025_1670
MGASA-2025-0036
OESA-2025-1105
OESA-2025-1106
OPENSUSE-SU-2025:14719-1
OPENSUSE-SU-2025_0355-1
RHSA-2025:1670
RHSA-2025_1670
RLSA-2025:1670
SUSE-SU-2025:01787-1
SUSE-SU-2025:0355-1
SUSE-SU-2025_01787-1
SUSE-SU-2025_0355-1
USN-7241-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
BIND 9
BIND Server
IBM AIX
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu