CVE-2024-33655

Published: Jun 6, 2024Modified: Nov 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (27)

https://alas.aws.amazon.com/ALAS-2024-1934.html

Source: cve@mitre.org

https://datatracker.ietf.org/doc/html/rfc1035

Source: cve@mitre.org

https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de

Source: cve@mitre.org

https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-120

Source: cve@mitre.org

https://gitlab.isc.org/isc-projects/bind9/-/issues/4398

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/

Source: cve@mitre.org

https://meterpreter.org/researchers-uncover-dnsbomb-a-new-pdos-attack-exploiting-legitimate-dns-features/

Source: cve@mitre.org

https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt

Source: cve@mitre.org

https://nlnetlabs.nl/projects/unbound/security-advisories/

Source: cve@mitre.org

https://sp2024.ieee-security.org/accepted-papers.html

Source: cve@mitre.org

https://www.isc.org/blogs/2024-dnsbomb/

Source: cve@mitre.org

https://alas.aws.amazon.com/ALAS-2024-1934.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://datatracker.ietf.org/doc/html/rfc1035

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-120

Source: af854a3a-2127-422b-91ae-364da2661108

https://gitlab.isc.org/isc-projects/bind9/-/issues/4398

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/08/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TBXPRJ2Q235YUZKYDRWOSYNDFBJQWJ3/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QITY2QBX2OCBTZIXD2A5ES62STFIA4AL/

Source: af854a3a-2127-422b-91ae-364da2661108

https://meterpreter.org/researchers-uncover-dnsbomb-a-new-pdos-attack-exploiting-legitimate-dns-features/

Source: af854a3a-2127-422b-91ae-364da2661108

https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt

Source: af854a3a-2127-422b-91ae-364da2661108

https://nlnetlabs.nl/projects/unbound/security-advisories/

Source: af854a3a-2127-422b-91ae-364da2661108

https://sp2024.ieee-security.org/accepted-papers.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.isc.org/blogs/2024-dnsbomb/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.