CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software
25-July-24
The Internet Systems Consortium (ISC) has issued patches for several security vulnerabilities in the BIND 9 DNS software, as noted by the Cybersecurity and Infrastructure Security Agency (CISA). These vulnerabilities, tracked as CVE-2024-4076, CVE-2024-1975, CVE-2024-1737, and CVE-2024-0760 (all with a CVSS score of 7.5), can lead to denial-of-service (DoS) conditions through assertion failures, excessive CPU load, slow database processing, and unresponsive servers. The issues have been fixed in BIND 9 versions 9.18.28, 9.20.0, and 9.18.28-S1, with no evidence of exploitation in the wild.
