CVE-2024-0760: 
CBL Mariner vulnerability analysis and mitigation

CVE-2024-0760 affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and BIND Supported Preview Edition versions 9.18.11-S1 through 9.18.27-S1. The vulnerability was discovered through internal testing and publicly disclosed on July 23, 2024 (ISC KB).

The vulnerability allows a malicious client to send multiple DNS messages over TCP, which can potentially cause the server to become unstable during the attack period. The issue has been assigned a CVSS score of 7.5 (High) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it is network accessible, requires low attack complexity, and can significantly impact system availability (ISC KB).

When successfully exploited, this vulnerability can cause the DNS server to become unresponsive until sometime after the attack ends. Notably, the use of Access Control Lists (ACLs) does not mitigate the attack, making it particularly concerning for server administrators (ISC KB).

No workarounds are known for this vulnerability. The recommended solution is to upgrade to patched versions: BIND 9.18.28, 9.20.0, or 9.18.28-S1 for BIND Supported Preview Edition users (ISC KB, OSS Security).