CVE-2024-0760
HIGH7.5EPSS 16.7%Published: 7/23/2024Modified: 12/3/2025
Also known as:ALPINE-CVE-2024-0760
Description
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
Affected packages (2)
- Alpine/bindfrom 0, < 9.18.31-r0
- Debian/bind9from 0, < 1:9.18.28-1~deb12u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |