BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly

CVE-2022-3080
7.5HIGH

Key Information

Vendor
Isc
Status
Bind9
Vendor
CVE Published:
21 September 2022

Badges

👾 Exploit Exists

Summary

By sending specific queries to the resolver, an attacker can cause named to crash.

Affected Version(s)

BIND9 = Open Source Branch 9.16 9.16.14 through versions before 9.16.33

BIND9 = Open Source Branch 9.18 9.18.0 through versions before 9.18.7

BIND9 = Supported Preview Branch 9.16-S 9.16.14-S1 through versions before 9.16.33-S1

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit exists.

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

ISC would like to thank Maksym Odinintsev for bringing this vulnerability to our attention.
.