named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries
CVE-2022-3488

7.5HIGH

Key Information:

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 26 January 2023

Badges

👾 Exploit Exists

Summary

A vulnerability exists in BIND DNS Server that can cause the service to terminate unexpectedly due to improper handling of repeated responses with ECS pseudo-options. Specifically, if the initial response is malformed, the resolver may abort with an assertion failure rather than processing the query correctly. This impacts BIND versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1, potentially leading to significant service disruptions.

Affected Version(s)

BIND 9 9.11.4-S1 <= 9.11.37-S1

BIND 9 9.16.8-S1 <= 9.16.36-S1

References

https://kb.isc.org/docs/cve-2022-3488

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Oct 13, 2022

Credit

ISC would like to thank Infoblox for bringing this vulnerability to our attention.