CVE-2022-30699Insufficient Session Expiration in Unbound

CWE-613Insufficient Session Expiration8 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 70.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Nlnetlabs UnboundNlnet Labs UnboundFedoraproject Fedora
Timeline
PublishedAug 1
Latest updateAug 16

Description

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDnlnetlabs/unbound< 1.16.2
Debiannlnetlabs/unbound< 1.13.1-1+deb11u1+3
CVEListV5nlnet_labs/unboundunspecified1.16.1

Also affects: Fedora 35, 36

🔴Vulnerability Details

3
GHSA
GHSA-fjfh-84xh-5hv3: NLnet Labs Unbound, up to and including version 12022-08-02
CVEList
Novel "ghost domain names" attack by updating almost expired delegation information2022-08-01
OSV
CVE-2022-30699: NLnet Labs Unbound, up to and including version 12022-08-01

📋Vendor Advisories

4
Ubuntu
Unbound vulnerabilities2022-08-16
Microsoft
Novel "ghost domain names" attack by updating almost expired delegation information2022-08-09
Red Hat
unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names2022-08-01
Debian
CVE-2022-30699: unbound - NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel...2022
CVE-2022-30699 — Insufficient Session Expiration | cvebase