The Internet Systems Consortium (ISC) released security advisories to address vulnerabilities affecting multiple versions of ISC’s Berkeley Internet Name Domain (BIND) 9. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition.
CISA encourages users and administrators to review the following advisories and apply the necessary updates:
- CVE-2024-4076: Assertion failure when serving both stale cache data and authoritative zone content
- CVE-2024-1975: SIG(0) can be used to exhaust CPU resources
- CVE-2024-1737: BIND’s database will be slow if a very large number of RRs exist at the same name
- CVE-2024-0760: A flood of DNS messages over TCP may make the server unstable
