named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota
CVE-2022-3924

7.5HIGH

Key Information:

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 25 January 2023

Badges

👾 Exploit Exists

Summary

The vulnerability in BIND 9 resolvers occurs due to improper handling of client queries when the 'stale-answer-enable' option is activated along with a positive 'stale-answer-client-timeout' setting. When the resolver experiences a high volume of recursive queries, it may need to terminate the longest waiting client in order to serve a new request. This scenario risks a race condition between sending a stale answer and issuing a 'SERVFAIL' response, potentially leading to an assertion failure that disrupts normal operations. Systems running vulnerable versions of BIND 9 should be assessed and updated to mitigate this risk.

Affected Version(s)

BIND 9 9.16.12 <= 9.16.36

BIND 9 9.18.0 <= 9.18.10

BIND 9 9.19.0 <= 9.19.8

References

https://kb.isc.org/docs/cve-2022-3924

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Jan 25, 2023
Vulnerability Reserved
Nov 10, 2022

Credit

ISC would like to thank Maksym Odinintsev from AWS for bringing this vulnerability to our attention.