Processing large delegations may severely degrade resolver performance

CVE-2022-2795

5.3MEDIUM

Key Information

Vendor: Isc
Status: Bind9
Vendor: CVE Published:; 21 September 2022

Badges

👾 Exploit Exists

Summary

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

Affected Version(s)

BIND9 Open Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33

BIND9 Open Source Branch 9.18 9.18.0 through versions before 9.18.7

BIND9 Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions up to and including 9.11.37-S1

References

https://kb.isc.org/docs/cve-2022-2795

http://www.openwall.com/lists/oss-security/2022/09/21/3

mailing-list

https://www.debian.org/security/2022/dsa-5235

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Jun 20, 2024
Vulnerability published
Sep 21, 2022
Vulnerability Reserved
Aug 12, 2022

Collectors

NVD DatabaseMitre Database

Credit

ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat Bremler-Barr & Shani Stajnrod from Reichman University for bringing this vulnerability to our attention.