Alpine: bind: security update to 9.18.33-r0

high Tenable Self-Hosted Container Security Plugin ID 420791

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- It is possible to construct a zone such that some queries to it will generate responses containing
numerous records in the Additional section. An attacker sending many such queries can cause either the
authoritative server itself or an independent resolver to use disproportionate resources processing the
queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue
affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0
through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and
9.18.11-S1 through 9.18.32-S1. (CVE-2024-11187)

- Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with
crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0
through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1. (CVE-2024-12705)

See Also

https://security.alpinelinux.org/vuln/CVE-2024-11187

https://security.alpinelinux.org/vuln/CVE-2024-12705

Plugin Details

Severity: High

ID: 420791

Version: Revision 1.17

Type: Local

Published: 1/30/2025

Updated: 9/11/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.67

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2024-12705

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/29/2025

Reference Information

CVE: CVE-2024-11187, CVE-2024-12705

IAVA: 2025-A-0071