{"id":"CVE-2024-1975","details":"If a server hosts a zone containing a \"KEY\" Resource Record, or a resolver DNSSEC-validates a \"KEY\" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.\nThis issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.","modified":"2026-02-02T01:28:43.396134Z","published":"2024-07-23T15:15:03Z","withdrawn":"2026-01-27T04:19:34.896976Z","related":["ALSA-2024:5231","ALSA-2024:5390","ALSA-2024:5524","CGA-q6m5-6g45-qhm2","MGASA-2024-0342","SUSE-SU-2024:2636-1","SUSE-SU-2024:2810-1","SUSE-SU-2024:2811-1","SUSE-SU-2024:2862-1","SUSE-SU-2024:2863-1","SUSE-SU-2024:2868-1","openSUSE-SU-2024:14217-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240731-0002/"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/07/23/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/07/31/2"},{"type":"WEB","url":"https://kb.isc.org/docs/cve-2024-1975"}],"schema_version":"1.7.3"}