[ALPINE:CVE-2024-1975] bind vulnerability

Severity High

Affected Packages 8

Fixed Packages 8

CVEs 1

[From CVE-2024-1975] If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.

Package	Affected Version
pkg:apk/alpine/bind?arch=x86_64&distro=alpine-edge	< 9.18.28-r0
pkg:apk/alpine/bind?arch=x86&distro=alpine-edge	< 9.18.28-r0
pkg:apk/alpine/bind?arch=s390x&distro=alpine-edge	< 9.18.28-r0
pkg:apk/alpine/bind?arch=riscv64&distro=alpine-edge	< 9.18.28-r0
pkg:apk/alpine/bind?arch=ppc64le&distro=alpine-edge	< 9.18.28-r0
pkg:apk/alpine/bind?arch=armv7&distro=alpine-edge	< 9.18.28-r0
pkg:apk/alpine/bind?arch=armhf&distro=alpine-edge	< 9.18.28-r0
pkg:apk/alpine/bind?arch=aarch64&distro=alpine-edge	< 9.18.28-r0

Package	Fixed Version
pkg:apk/alpine/bind?arch=x86_64&distro=alpine-edge	= 9.18.28-r0
pkg:apk/alpine/bind?arch=x86&distro=alpine-edge	= 9.18.28-r0
pkg:apk/alpine/bind?arch=s390x&distro=alpine-edge	= 9.18.28-r0
pkg:apk/alpine/bind?arch=riscv64&distro=alpine-edge	= 9.18.28-r0
pkg:apk/alpine/bind?arch=ppc64le&distro=alpine-edge	= 9.18.28-r0
pkg:apk/alpine/bind?arch=armv7&distro=alpine-edge	= 9.18.28-r0
pkg:apk/alpine/bind?arch=armhf&distro=alpine-edge	= 9.18.28-r0
pkg:apk/alpine/bind?arch=aarch64&distro=alpine-edge	= 9.18.28-r0

ID

ALPINE:CVE-2024-1975

Severity

high

Severity from

CVE-2024-1975

URL

https://security.alpinelinux.org/vuln/CVE-2024-1975

Published

2024-07-23T15:15:03
(7 weeks ago)

Modified

2024-07-23T15:15:03
(7 weeks ago)

Rights

Alpine Linux Security Team

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Fixed	pkg:apk/alpine/bind?arch=x86_64&distro=alpine-edge	alpine	bind	= 9.18.28-r0	alpine-edge	x86_64
Affected	pkg:apk/alpine/bind?arch=x86_64&distro=alpine-edge	alpine	bind	< 9.18.28-r0	alpine-edge	x86_64
Fixed	pkg:apk/alpine/bind?arch=x86&distro=alpine-edge	alpine	bind	= 9.18.28-r0	alpine-edge	x86
Affected	pkg:apk/alpine/bind?arch=x86&distro=alpine-edge	alpine	bind	< 9.18.28-r0	alpine-edge	x86
Fixed	pkg:apk/alpine/bind?arch=s390x&distro=alpine-edge	alpine	bind	= 9.18.28-r0	alpine-edge	s390x
Affected	pkg:apk/alpine/bind?arch=s390x&distro=alpine-edge	alpine	bind	< 9.18.28-r0	alpine-edge	s390x
Fixed	pkg:apk/alpine/bind?arch=riscv64&distro=alpine-edge	alpine	bind	= 9.18.28-r0	alpine-edge	riscv64
Affected	pkg:apk/alpine/bind?arch=riscv64&distro=alpine-edge	alpine	bind	< 9.18.28-r0	alpine-edge	riscv64
Fixed	pkg:apk/alpine/bind?arch=ppc64le&distro=alpine-edge	alpine	bind	= 9.18.28-r0	alpine-edge	ppc64le
Affected	pkg:apk/alpine/bind?arch=ppc64le&distro=alpine-edge	alpine	bind	< 9.18.28-r0	alpine-edge	ppc64le
Fixed	pkg:apk/alpine/bind?arch=armv7&distro=alpine-edge	alpine	bind	= 9.18.28-r0	alpine-edge	armv7
Affected	pkg:apk/alpine/bind?arch=armv7&distro=alpine-edge	alpine	bind	< 9.18.28-r0	alpine-edge	armv7
Fixed	pkg:apk/alpine/bind?arch=armhf&distro=alpine-edge	alpine	bind	= 9.18.28-r0	alpine-edge	armhf
Affected	pkg:apk/alpine/bind?arch=armhf&distro=alpine-edge	alpine	bind	< 9.18.28-r0	alpine-edge	armhf
Fixed	pkg:apk/alpine/bind?arch=aarch64&distro=alpine-edge	alpine	bind	= 9.18.28-r0	alpine-edge	aarch64
Affected	pkg:apk/alpine/bind?arch=aarch64&distro=alpine-edge	alpine	bind	< 9.18.28-r0	alpine-edge	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date