We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-33655



Description

The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.

Reserved 2024-04-25 | Published 2024-06-06 | Updated 2024-08-22 | Assigner mitre

References

datatracker.ietf.org/doc/html/rfc1035

nlnetlabs.nl/projects/unbound/security-advisories/

github.com/...iumSoftware/DnsServer/blob/master/CHANGELOG.md

www.isc.org/blogs/2024-dnsbomb/

nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt

github.com/...ommit/c3206f4568f60c486be6d165b1f2b5b254fea3de

alas.aws.amazon.com/ALAS-2024-1934.html

meterpreter.org/...ttack-exploiting-legitimate-dns-features/

sp2024.ieee-security.org/accepted-papers.html

gitlab.isc.org/isc-projects/bind9/-/issues/4398

lists.fedoraproject.org/...QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/ (FEDORA-2024-9df760819c) vendor-advisory

lists.fedoraproject.org/...3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/ (FEDORA-2024-68626e0eb5) vendor-advisory

cve.org (CVE-2024-33655)

nvd.nist.gov (CVE-2024-33655)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-33655

Support options

Helpdesk Chat, Email, Knowledgebase