CVE-2022-0635

7.5HIGH

Key Information

Vendor: Isc
Status: Bind
Vendor: CVE Published:; 23 March 2022

Summary

Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.

Affected Version(s)

BIND Open Source Branch 9.18 9.18.0

References

https://kb.isc.org/v1/docs/cve-2022-0635

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20220408-0001/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 23, 2022
Vulnerability Reserved
Feb 16, 2022

Collectors

NVD DatabaseMitre Database

Credit

ISC would like to thank Vincent Levigneron of AFNIC for reporting this issue to us and for verifying the fix and workaround.