VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-xz18-c263-nyap

Essentials
Severities (11)
References (28)
Severity details (4)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-xz18-c263-nyap
Aliases	CVE-2024-11187
Summary	bind: bind9: Many records in the additional section cause CPU exhaustion
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-400	Uncontrolled Resource Consumption
CWE-405	Asymmetric Resource Consumption (Amplification)

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11187.json
epss	0.04069	https://api.first.org/data/v1/epss?cve=CVE-2024-11187
epss	0.04069	https://api.first.org/data/v1/epss?cve=CVE-2024-11187
epss	0.04069	https://api.first.org/data/v1/epss?cve=CVE-2024-11187
epss	0.04069	https://api.first.org/data/v1/epss?cve=CVE-2024-11187
epss	0.04069	https://api.first.org/data/v1/epss?cve=CVE-2024-11187
epss	0.04069	https://api.first.org/data/v1/epss?cve=CVE-2024-11187
epss	0.04069	https://api.first.org/data/v1/epss?cve=CVE-2024-11187
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://kb.isc.org/docs/cve-2024-11187
ssvc	Track	https://kb.isc.org/docs/cve-2024-11187

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11187.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-11187
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11187
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1094735		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094735
2342879		https://bugzilla.redhat.com/show_bug.cgi?id=2342879
cve-2024-11187		https://kb.isc.org/docs/cve-2024-11187
RHSA-2025:1664		https://access.redhat.com/errata/RHSA-2025:1664
RHSA-2025:1665		https://access.redhat.com/errata/RHSA-2025:1665
RHSA-2025:1666		https://access.redhat.com/errata/RHSA-2025:1666
RHSA-2025:1669		https://access.redhat.com/errata/RHSA-2025:1669
RHSA-2025:1670		https://access.redhat.com/errata/RHSA-2025:1670
RHSA-2025:1674		https://access.redhat.com/errata/RHSA-2025:1674
RHSA-2025:1675		https://access.redhat.com/errata/RHSA-2025:1675
RHSA-2025:1676		https://access.redhat.com/errata/RHSA-2025:1676
RHSA-2025:1678		https://access.redhat.com/errata/RHSA-2025:1678
RHSA-2025:1679		https://access.redhat.com/errata/RHSA-2025:1679
RHSA-2025:1681		https://access.redhat.com/errata/RHSA-2025:1681
RHSA-2025:1684		https://access.redhat.com/errata/RHSA-2025:1684
RHSA-2025:1685		https://access.redhat.com/errata/RHSA-2025:1685
RHSA-2025:1687		https://access.redhat.com/errata/RHSA-2025:1687
RHSA-2025:1691		https://access.redhat.com/errata/RHSA-2025:1691
RHSA-2025:1718		https://access.redhat.com/errata/RHSA-2025:1718
RHSA-2025:1907		https://access.redhat.com/errata/RHSA-2025:1907
RHSA-2025:1912		https://access.redhat.com/errata/RHSA-2025:1912
RHSA-2025:2588		https://access.redhat.com/errata/RHSA-2025:2588
RHSA-2025:3775		https://access.redhat.com/errata/RHSA-2025:3775
USN-7241-1		https://usn.ubuntu.com/7241-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11187.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://kb.isc.org/docs/cve-2024-11187

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-30T15:27:46Z/ Found at https://kb.isc.org/docs/cve-2024-11187

Exploit Prediction Scoring System (EPSS)

Percentile	0.88495
EPSS Score	0.04069
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:43:00.841807+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11187.json	38.0.0