named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries
CVE-2022-3488

7.5HIGH

Key Information:

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 26 January 2023

Badges

👾 Exploit Exists🟣 EPSS 11%

What is CVE-2022-3488?

A vulnerability exists in BIND DNS Server that can cause the service to terminate unexpectedly due to improper handling of repeated responses with ECS pseudo-options. Specifically, if the initial response is malformed, the resolver may abort with an assertion failure rather than processing the query correctly. This impacts BIND versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1, potentially leading to significant service disruptions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIND 9 9.11.4-S1 <= 9.11.37-S1

BIND 9 9.16.8-S1 <= 9.16.36-S1

References

https://kb.isc.org/docs/cve-2022-3488

vendor-advisory

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Oct 13, 2022

Credit

ISC would like to thank Infoblox for bringing this vulnerability to our attention.

JSON

Isc

Badges

What is CVE-2022-3488?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.