CVE-2024-33655 : The DNS protocol in RFC 1035 and updates allows remote attackers to cause a deni

The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.

Published 2024-06-06 17:15:51

Updated 2024-08-22 19:35:27

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2024-33655

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2024-33655

EPSS FAQ

1.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 80 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-33655

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-08-22
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2024-33655

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2024-33655

https://nlnetlabs.nl/projects/unbound/security-advisories/

NLnet Labs - Unbound - Security Advisories
https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-120

DnsServer/CHANGELOG.md at master · TechnitiumSoftware/DnsServer · GitHub
https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de

- Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li · NLnetLabs/unbound@c3206f4 · GitHub
https://datatracker.ietf.org/doc/html/rfc1035

RFC 1035 - Domain names - implementation and specification
https://meterpreter.org/researchers-uncover-dnsbomb-a-new-pdos-attack-exploiting-legitimate-dns-features/

Researchers Uncover 'DNSBomb' – A New PDoS Attack Exploiting Legitimate DNS Features
https://sp2024.ieee-security.org/accepted-papers.html

IEEE Symposium on Security and Privacy 2024
https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
https://alas.aws.amazon.com/ALAS-2024-1934.html

ALAS-2024-1934
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/

[SECURITY] Fedora 39 Update: unbound-1.20.0-1.fc39 - package-announce - Fedora Mailing-Lists
https://www.isc.org/blogs/2024-dnsbomb/

Rate Limits in BIND 9 Effective vs. DNSBomb Vulnerability - ISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/

[SECURITY] Fedora 40 Update: unbound-1.20.0-1.fc40 - package-announce - Fedora Mailing-Lists
https://gitlab.isc.org/isc-projects/bind9/-/issues/4398

Report: New DNS-based Pulsing DoS Attack (DNSBomb) of BIND (#4398) · Issues · ISC Open Source Projects / BIND · GitLab

Jump to

Vulnerability Details : CVE-2024-33655

Products affected by CVE-2024-33655

Exploit prediction scoring system (EPSS) score for CVE-2024-33655

CVSS scores for CVE-2024-33655

CWE ids for CVE-2024-33655

References for CVE-2024-33655