CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
unbound is vulnerable to Denial of Service(DoS). The vulnerability is due to DNS queries being accumulated and responses being sent in pulsing bursts, which can cause resource consumption and traffic amplification.
alas.aws.amazon.com/ALAS-2024-1934.html
datatracker.ietf.org/doc/html/rfc1035
github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de
github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-120
gitlab.isc.org/isc-projects/bind9/-/issues/4398
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/
meterpreter.org/researchers-uncover-dnsbomb-a-new-pdos-attack-exploiting-legitimate-dns-features/
nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
nlnetlabs.nl/projects/unbound/security-advisories/
security-tracker.debian.org/tracker/CVE-2024-33655
sp2024.ieee-security.org/accepted-papers.html
www.isc.org/blogs/2024-dnsbomb/