Summary
ISC has released security updates that address 2 vulnerabilities rated “high” severity in the BIND product. If exploited, these vulnerabilities could compromise service availability.
Risk
Vulnerability impact estimate on the target community: Medium (63.46)
Type
- Denial of Service
Affected products and versions
BIND
- from version 9.11.0 to 9.11.37
- from version 9.16.0 to 9.16.50
- from version 9.18.0 to 9.18.32
- from version 9.20.0 to 9.20.4
- from version 9.21.0 to 9.21.3
BIND Supported Preview Edition
- from version 9.11.3-S1 to 9.11.37-S1
- from version 9.16.8-S1 to 9.16.50-S1
- from version 9.18.11-S1 to 9.18.32-S1
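To triage name servers against the ranges listed above, the following added example (not part of the original advisory and not ISC tooling) parses the version out of a `named -v` style banner and checks it against those ranges. The function names, host names and banner strings are constructed for illustration.

```python
import re

# Affected ranges copied from the advisory: (major, minor) -> (first, last) patch.
AFFECTED = {(9, 11): (0, 37), (9, 16): (0, 50), (9, 18): (0, 32),
            (9, 20): (0, 4), (9, 21): (0, 3)}
# BIND Supported Preview Edition ("-S1" suffix) ranges from the same list.
AFFECTED_PREVIEW = {(9, 11): (3, 37), (9, 16): (8, 50), (9, 18): (11, 32)}

# First dotted triple in the banner, with an optional -S<n> preview suffix.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(-S\d+)?")


def parse_version(banner):
    """Return (major, minor, patch, is_preview) from a version banner."""
    m = VERSION_RE.search(banner)
    if m is None:
        raise ValueError(f"no BIND version found in {banner!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    return major, minor, patch, m.group(4) is not None


def is_affected(banner):
    """True when the banner's version is inside a range listed in the advisory."""
    major, minor, patch, preview = parse_version(banner)
    bounds = (AFFECTED_PREVIEW if preview else AFFECTED).get((major, minor))
    return bounds is not None and bounds[0] <= patch <= bounds[1]


def triage(inventory):
    """Split hosts into (affected, unknown); unknown means no parseable version."""
    affected, unknown = [], []
    for host, banner in inventory.items():
        try:
            if is_affected(banner):
                affected.append(host)
        except ValueError:
            unknown.append(host)  # needs a manual look, do not assume safe
    return sorted(affected), sorted(unknown)


# Constructed sample inventory: host -> output collected from `named -v`.
SAMPLE = {
    "ns1.example.internal": "BIND 9.18.32 (Extended Support Version) <id:constructed>",
    "ns2.example.internal": "BIND 9.18.33 (Extended Support Version) <id:constructed>",
    "ns3.example.internal": "BIND 9.16.50-S1 <id:constructed>",
    "ns4.example.internal": "BIND 9.20.4-1-Debian (Stable Release) <id:constructed>",
    "ns5.example.internal": "named: command not found",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Distribution packages can carry backported fixes under an unchanged upstream version number, so confirm a match against the distributor's changelog before scheduling the update.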
Mitigation actions
In line with the vendor's statements, it is recommended to update vulnerable products following the guidance in the security bulletins listed in the References section.
References
https://kb.isc.org/docs/cve-2024-11187
https://kb.isc.org/docs/cve-2024-12705
1 This estimate takes into account several parameters, including CVSS, the availability of patches/workarounds and PoC, and the diffusion of the affected software/devices in the reference community.