Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 949125 (CVE-2024-11187, CVE-2024-12705) - net-dns/bind: resource exhaustion with DoH or many records in additional section
Summary: net-dns/bind: resource exhaustion with DoH or many records in additional section
Status: CONFIRMED
Alias: CVE-2024-11187, CVE-2024-12705
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://kb.isc.org/docs/aa-00913
Whiteboard: B3 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2025-01-31 18:09 UTC by Hanno Böck
Modified: 2025-02-01 06:34 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2025-01-31 18:09:26 UTC 
Two vulnerabilities (CVE-2024-11187,CVE-2024-12705) have been fixed in the latest updates of bind.

Fixed in 9.18.33,9.20.5,9.21.4.
Comment 1 Hans de Graaff gentoo-dev Security 2025-02-01 06:34:23 UTC 
Thanks for reporting. I've removed the version number from the summary since we only use that for fixed versions in the repository.