CVE-2024-33655
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-33655
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-33655.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-33655
- Downstream
- Related
- Published
- 2024-06-06T17:15:51.040Z
- Modified
- 2025-11-15T19:03:40.407502Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.
- References
-
- https://alas.aws.amazon.com/ALAS-2024-1934.html
- https://datatracker.ietf.org/doc/html/rfc1035
- https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-120
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/
- https://meterpreter.org/researchers-uncover-dnsbomb-a-new-pdos-attack-exploiting-legitimate-dns-features/
- https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
- https://sp2024.ieee-security.org/accepted-papers.html
- https://lists.debian.org/debian-lts-announce/2025/08/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/
- https://nlnetlabs.nl/projects/unbound/security-advisories/
- https://gitlab.isc.org/isc-projects/bind9/-/issues/4398
- https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de
- https://www.isc.org/blogs/2024-dnsbomb/
Affected packages
Git / github.com/nlnetlabs/unbound
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nlnetlabs/unbound
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.11.0rc1
Other
final-svn-state
release-0.*
release-0.0
release-0.1
release-0.10
release-0.11
release-0.3
release-0.4
release-0.5
release-0.6
release-0.7
release-0.8
release-1.*
release-1.0.1
release-1.1.1
release-1.10.0rc1
release-1.10.0rc2
release-1.11.0
release-1.11.0rc1
release-1.12.0
release-1.12.0rc1
release-1.13.0rc1
release-1.13.0rc2
release-1.13.0rc3
release-1.13.0rc4
release-1.13.1
release-1.13.1rc1
release-1.13.1rc2
release-1.13.2
release-1.13.2rc1
release-1.14.0
release-1.14.0rc1
release-1.15.0
release-1.15.0rc1
release-1.16.0
release-1.16.0rc1
release-1.16.1
release-1.16.1rc1
release-1.16.2
release-1.16.3
release-1.17.0
release-1.17.0rc1
release-1.17.1
release-1.17.1rc1
release-1.17.1rc2
release-1.18.0
release-1.18.0rc1
release-1.19.0
release-1.19.0rc1
release-1.19.3rc1
release-1.3.1
release-1.3.2
release-1.3.3
release-1.3.3rc1
release-1.4.0
release-1.4.0rc1
release-1.4.1
release-1.4.11
release-1.4.11rc1
release-1.4.11rc2
release-1.4.11rc3
release-1.4.12rc1
release-1.4.13
release-1.4.13rc1
release-1.4.13rc2
release-1.4.14
release-1.4.14rc1
release-1.4.17
release-1.4.17rc1
release-1.4.18rc1
release-1.4.18rc2
release-1.4.19
release-1.4.19rc1
release-1.4.2
release-1.4.20
release-1.4.22
release-1.4.22rc1
release-1.4.3
release-1.4.4
release-1.4.4rc1
release-1.4.5
release-1.4.5rc1
release-1.4.6
release-1.4.6rc1
release-1.4.7
release-1.4.7rc1
release-1.4.8rc1
release-1.4.9
release-1.4.9rc1
release-1.5.0rc1
release-1.5.1
release-1.5.10
release-1.5.10rc1
release-1.5.1rc1
release-1.5.1rc2
release-1.5.2
release-1.5.2rc1
release-1.5.3rc1
release-1.5.4
release-1.5.4rc1
release-1.5.5
release-1.5.5rc1
release-1.5.6
release-1.5.6rc1
release-1.5.7
release-1.5.8
release-1.5.8rc1
release-1.5.9rc1
release-1.6.0rc1
release-1.6.1rc1
release-1.6.1rc2
release-1.6.1rc3
release-1.6.2rc1
release-1.6.4rc1
release-1.6.4rc2
release-1.6.6rc1
release-1.6.6rc2
release-1.6.7
release-1.6.7rc1
release-1.7.0rc1
release-1.7.0rc2
release-1.7.0rc3
release-1.7.1rc1
release-1.7.2rc1
release-1.7.3rc1
release-1.8.0rc1
release-1.8.1rc1
release-1.8.2rc1
release-1.9.0rc1
release-1.9.1rc1
release-1.9.2
release-1.9.2rc1
release-1.9.2rc2
release-1.9.2rc3
release-1.9.3
release-1.9.3rc1
release-1.9.3rc2
release-1.9.4
release-1.9.6
release-1.9.6rc1
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"id": "CVE-2024-33655-12a02a35",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "204345079531153686960518041171470140637",
"length": 1282.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "services/cache/infra.c",
"function": "infra_create"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-31ada255",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "84226320142277751037923857079006790277",
"length": 255.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "services/cache/infra.c",
"function": "infra_delete"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-4056c9e1",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "287725364192978417234729843280669615213",
"length": 680.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "services/mesh.c",
"function": "mesh_state_remove_reply"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-4439910b",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"line_hashes": [
"49904528974029229796032476496086906945",
"239890991580397139106685922159311398839",
"75405473024032836108117051324046100006",
"14282763797763818745775726745335222209",
"84342761972241478668497802699757606940",
"255494418769692026532966336386068207332",
"161644282511125302203073915847382746964",
"26411020788503449734579281009719321574",
"53591247104656822985265640590020721289",
"35740295728906435300735044593582719978",
"79433865109245810085634529952854548986",
"154754705178025248290480584123190862815",
"180712916687790225215041130697708168569",
"77528156604497779039429822652960867962",
"335920746672948746602241772596219986400",
"285834095387918897978506426899861373217",
"99774094572005994867134792810393734759",
"310382394568477812508091914575165097615",
"136517538085720801296975895355197569351",
"218178712016054752297021304555166884662",
"321107951039874035359683785628900440808",
"235713576128835809009714841292483360459",
"281930082346545752055656074520646028213",
"128225829019476447320901844974901410770",
"180380790733602548698253514356885999080",
"9266029992859574032978534288954638464",
"8603255948552149947434099738267921403",
"40982104047368307691098522018897345850",
"104456709562329117223622015985592941725",
"309381343263561202815321045997517396483",
"20140137879181557188105787143572858493",
"299843097533546967551534930797407794184",
"127950029351950522153858279806258230371",
"10326855680716595952233028597862109889",
"234846477665231616296864772041292238724",
"339213412819442206093508132693496344070",
"196921933355650824816775807631720463855",
"5158381874272450525039206614562919027",
"80983510663634094044699097415427796935",
"80527162365920356143035535199004429218"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/mesh.c"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-481954e7",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"line_hashes": [
"169955034672582880491558149559213799117",
"167926572706250499117744440694735938407",
"295462055519054477783353732049710458696"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "util/config_file.h"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-5fb216ff",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"line_hashes": [
"177624253927731871711632269658821847963",
"232192976842667982378669467677559383656",
"165836657414083338549406977312908956816",
"13224752001718253930742733240365383553",
"54476000190134171530835874302567204739",
"147626614788537901838613470521186086375",
"249437285548678704502780978699352137870",
"204986406939669746142966686764328135134",
"243707785271855162572244264704736505674",
"55550702236472978446549803863435405833",
"55813193789754297909989694197341208227",
"299634866643098308208319718447876723063",
"235697803693538575147987233289897238206",
"268999620468997752232946755206959532326",
"253060011822655943112411514227658848613",
"252180014946904757860609486687852514",
"19033910149918475009180611191961394434",
"332850524758052674074221937015783517983",
"336171674243491158869323799422031721824",
"267163618773071277015008541721492444721",
"290747021068905278829057558847967528643",
"216431778855224850168913257209325173270",
"123182717221388925241861607988872895305",
"146216064899073458988890963085964285144",
"295695672279879304167258427869121671733"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/cache/infra.c"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-61b9d3bc",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "214365307717419735324833058341849340816",
"length": 18718.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "util/config_file.c",
"function": "config_set_option"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-753107f6",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "309275550377311965028744772025707129202",
"length": 4040.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "util/config_file.c",
"function": "config_delete"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-7988f878",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "53827281443159083216997734595011399322",
"length": 10300.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "util/config_file.c",
"function": "config_create"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-8ef87933",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "147305634363802902853534723921296661181",
"length": 3284.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "services/mesh.c",
"function": "mesh_query_done"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-a43669db",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"line_hashes": [
"293755247833624181908457004308485047457",
"332833869074677688378591920168638732678",
"211578423367293411370552873173636821294",
"307668868411812852586162858674756632936",
"4225707979241784715160120866087960077",
"60086692810089110253918447636033425709",
"268875411953926114554694125251051613147",
"206642298689665392998798913617029094288",
"27372636567960582838855228847442673393",
"278684377882026032643725792436227875286",
"31501694184485513206114886989337398667",
"181521802405181284376647821868754001997",
"8314893411260747159971639977607600466",
"60245844246219419594914784333445042501",
"198198680257755251411807441876005369614",
"61790336848369530450713599488585779160"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "util/config_file.c"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-af574c8c",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "258632034700259460967209031619478497679",
"length": 629.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "services/cache/infra.c",
"function": "infra_ip_create_ratedata"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-b7a0f88a",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "116957310986074805769313429942633021038",
"length": 3973.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "services/mesh.c",
"function": "mesh_serve_expired_callback"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-bab6ddd5",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "75356238429442388908806561155283778514",
"length": 18094.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "util/config_file.c",
"function": "config_get_option"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-bc0797fa",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "294929185447342622128057712377307467959",
"length": 4391.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "services/mesh.c",
"function": "mesh_new_client"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-d89b3c8d",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "112408718021905698471059738345528982543",
"length": 5453.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "services/mesh.c",
"function": "mesh_send_reply"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-daaec9cf",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"line_hashes": [
"313474824480980493613816813488676571240",
"316970772207613308279105330749687497572",
"233228960290107584301789873928116423933",
"133080643712181149368181370266502030684",
"230736567706020699978778070097662066986",
"140319560636411182277018984194101819798",
"152351189210276336929884424937018765563",
"41759767172734004968809186897682874654",
"214610515570991511267059272844549090858",
"231839584488041531211408817901425700042"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/cache/infra.h"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-ed71f94f",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "26269172821709369249664626046819409602",
"length": 1194.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "services/mesh.c",
"function": "mesh_state_cleanup"
}
},
{
"signature_version": "v1",
"id": "CVE-2024-33655-fb84d102",
"source": "https://github.com/nlnetlabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de",
"digest": {
"function_hash": "215572668806095065162497766572434709321",
"length": 572.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "services/cache/infra.c",
"function": "infra_ip_ratelimit_inc"
}
}
]