DoS from specifically crafted TCP packets

CVE-2022-0396

5.3MEDIUM

Key Information

Vendor: Isc
Status: Bind
Vendor: CVE Published:; 23 March 2022

Summary

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

Affected Version(s)

BIND = Open Source Branch 9.16 9.16.11 through versions before 9.16.27

BIND = Development Branch 9.17 BIND 9.17 all versions

BIND = Open Source Branch 9.18 9.18.0

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Mar 23, 2022
Vulnerability Reserved.
Jan 27, 2022

Collectors

NVD DatabaseMitre Database