低危 Uncontrolled Resource Consumption (CVE-2024-33655)

CVE编号

CVE-2024-33655

利用情况

暂无

补丁情况

官方补丁

披露时间

2024-05-09
漏洞描述
A DNSBomb flaw was found in the unbound package. The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the authoritative answers become available to Unbound at the same time, Unbound starts serving all the accumulated queries. This results in large-sized, concentrated response bursts to the spoofed addresses.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://access.redhat.com/security/cve/CVE-2024-33655
https://alas.aws.amazon.com/ALAS-2024-1934.html
https://datatracker.ietf.org/doc/html/rfc1035
https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de
https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-120
https://gitlab.isc.org/isc-projects/bind9/-/issues/4398
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://meterpreter.org/researchers-uncover-dnsbomb-a-new-pdos-attack-exploit...
https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
https://nlnetlabs.nl/projects/unbound/security-advisories/
https://sp2024.ieee-security.org/accepted-papers.html
https://www.isc.org/blogs/2024-dnsbomb/
https://www.nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
系统 alpine_3.17 unbound * Up to
(excluding)
1.20.0-r0
运行在以下环境
系统 alpine_3.18 unbound * Up to
(excluding)
1.20.0-r0
运行在以下环境
系统 alpine_3.19 unbound * Up to
(excluding)
1.20.0-r0
运行在以下环境
系统 amazon_2023 unbound * Up to
(excluding)
1.17.1-1.amzn2023.0.4
运行在以下环境
系统 amazon_AMI unbound * Up to
(excluding)
1.6.6-1.6.amzn1
运行在以下环境
系统 fedora_39 unbound * Up to
(excluding)
1.20.0-1.fc39
运行在以下环境
系统 fedora_40 unbound * Up to
(excluding)
1.20.0-1.fc40
阿里云评分
3.7
  • 攻击路径
    本地
  • 攻击复杂度
    困难
  • 权限要求
    管控权限
  • 影响范围
    有限影响
  • EXP成熟度
    未验证
  • 补丁情况
    官方补丁
  • 数据保密性
    无影响
  • 数据完整性
    无影响
  • 服务器危害
    无影响
  • 全网数量
    N/A
CWE-ID 漏洞类型
CWE-400 未加控制的资源消耗(资源穷尽)
阿里云安全产品覆盖情况