What is CVE-2024-11187?

CVE-2024-11187 is a high-severity vulnerability in Isc Bind 9, classified under Asymmetric Resource Consumption (Amplification). CVSS score: 7.5/10. Published 2025-01-29.

How severe is CVE-2024-11187?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2024-11187 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Isc Bind 9

CVE-2024-11187

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an ind…

EPSS: 0.042 (88.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Isc Bind 9 — versions 9.11.0, 9.16.0, 9.18.0

Weakness classification (CWE)

CWE-405 — Asymmetric Resource Consumption (Amplification)

Public proof-of-concept exploits

References

CVE-2024-11187 (vendor-advisory)

Frequently asked questions

What is CVE-2024-11187?: CVE-2024-11187 is a high-severity vulnerability in Isc Bind 9, classified under Asymmetric Resource Consumption (Amplification). CVSS score: 7.5/10. Published 2025-01-29.
How severe is CVE-2024-11187?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2024-11187 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.