CVE-2022-30698: Insufficient Session Expiration in Unbound

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 70.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 1; Latest update Aug 16

Description

NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver pro

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: nlnetlabs/unbound < 1.16.2
Debian: nlnetlabs/unbound < 1.13.1-1+deb11u1+3
CVEListV5: nlnet_labs/unbound unspecified 1.16.1

Also affects: Fedora 35, 36

Vulnerability Details (3)

GHSA: GHSA-297v-qp46-84h5: NLnet Labs Unbound, up to and including version 1 (2022-08-02)
CVEList: Novel "ghost domain names" attack by introducing subdomain delegations (2022-08-01)
OSV: CVE-2022-30698: NLnet Labs Unbound, up to and including version 1 (2022-08-01)

Vendor Advisories (4)

Ubuntu: Unbound vulnerabilities (2022-08-16)
Microsoft: Novel "ghost domain names" attack by introducing subdomain delegations (2022-08-09)
Red Hat: unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names (2022-08-01)
Debian: CVE-2022-30698: unbound - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel ... (2022)