CVE-2022-0396
published 2022-03-23CVE-2022-0396: BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNINAL
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | bind9 | < bind9 1:9.18.1-1 (bookworm) | bind9 1:9.18.1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | >= 9.16.11 < 9.16.27 | 9.16.27 |
| isc | bind | 9.17.0 – 9.18.0 | — |
| isc | bind9 | >= 0 < 1:9.16.27-1~deb11u1 | 1:9.16.27-1~deb11u1 |
| isc | bind9 | >= 0 < 1:9.18.1-1 | 1:9.18.1-1 |
| isc | bind9 | >= 0 < 1:9.18.1-1 | 1:9.18.1-1 |
| isc | bind9 | >= 0 < 1:9.18.1-1 | 1:9.18.1-1 |
| isc | bind9 | >= 0 < 1:9.11.3+dfsg-1ubuntu1.17 | 1:9.11.3+dfsg-1ubuntu1.17 |
| isc | bind9 | >= 0 < 1:9.16.1-0ubuntu2.10 | 1:9.16.1-0ubuntu2.10 |
| msrc | cbl2_bind_9.16.29-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_bind_9.16.27-1_on_cbl_mariner_1.0 | — | — |
| siemens | sinec_ins | < 1.0 | 1.0 |
| siemens | sinec_ins | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
osv6.8MEDIUM