Processing large delegations may severely degrade resolver performance

CVE-2022-2795

5.3MEDIUM

Key Information

Vendor: Isc
Status: Bind9
Vendor: CVE Published:; 21 September 2022

Badges

👾 Exploit Exists

Summary

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

Affected Version(s)

BIND9 = Open Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33

BIND9 = Open Source Branch 9.18 9.18.0 through versions before 9.18.7

BIND9 = Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions up to and including 9.11.37-S1

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Jun 20, 2024
Vulnerability published.
Sep 21, 2022
Vulnerability Reserved.
Aug 12, 2022

Collectors

NVD DatabaseMitre Database

Credit

ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat Bremler-Barr & Shani Stajnrod from Reichman University for bringing this vulnerability to our attention.