CVE-2024-33655
Published: 10 May 2024
The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.
Notes
Author | Note |
---|---|
Priority reason: Upstream Unbound project has rated this as having a low security impact. |
|
mdeslaur | Unbound itself is not vulnerable to the DNSBomb attack, but can be used to participate in one. The commit below adds some new options to make the impact from Unbound significantly lower. Backporting the commit to mantic and lower is intrusive and may introduce regressions. |
Priority
Status
Package | Release | Status |
---|---|---|
unbound Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Released
(1.9.4-2ubuntu1.6)
|
|
jammy |
Released
(1.13.1-1ubuntu5.5)
|
|
mantic |
Released
(1.17.1-2ubuntu0.2)
|
|
noble |
Released
(1.19.2-1ubuntu3.1)
|
|
trusty |
Needs triage
|
|
upstream |
Released
(1.20.0-1)
|
|
xenial |
Needs triage
|
|
Patches: upstream: https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de |