Severity: 5.3 MEDIUM
EPSS: 0.6% (top 29.20%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 21; Latest update Sep 22

Description

By flooding the target resolver with queries exploiting this flaw, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (4 packages)

NVD: isc/bind 9.0.0 9.16.33 +25
Debian: bind9 < 1:9.16.33-1~deb11u1 +3
Ubuntu: bind9 < 1:9.11.3+dfsg-1ubuntu1.18 +4
CVEListV5: isc/bind9 5 versions +4

Also affects: Debian Linux 10.0, 11.0, Fedora 35, 36, 37

Patches

🔴 Vulnerability Details (5)

GHSA: GHSA-9mq2-v988-m7mr: By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying (2022-09-22)
OSV: bind9 vulnerabilities (2022-09-21)
OSV: CVE-2022-2795: By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying (2022-09-21)
OSV: bind9 vulnerabilities (2022-09-21)
CVEList: Processing large delegations may severely degrade resolver performance (2022-09-21)

📋 Vendor Advisories (5)

Ubuntu: Bind vulnerabilities (2022-09-21)
Ubuntu: Bind vulnerabilities (2022-09-21)
Red Hat: bind: processing large delegations may severely degrade resolver performance (2022-09-21)
Microsoft: Processing large delegations may severely degrade resolver performance (2022-09-13)
Debian: CVE-2022-2795: bind9 - By flooding the target resolver with queries exploiting this flaw an attacker ca... (2022)