CVE-2022-3080

CWE-613 — Insufficient Session Expiration CWE-20 — Improper Input Validation CWE-748 documents8 sources

Severity

7.5HIGH

EPSS

0.1%

top 70.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind ISC Bind9 Fedoraproject Fedora

Timeline

PublishedSep 21

Latest updateSep 22

Description

By sending specific queries to the resolver, an attacker can cause named to crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDisc/bind9.16.14 — 9.16.33+5

▶Debianbind9< 1:9.16.33-1~deb11u1+3

▶CVEListV5isc/bind94 versions+3

Also affects: Fedora 35, 36, 37

Patches

Patch: www.openwall.com ↗Patch: kb.isc.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-7mrh-jrcg-wc76: By sending specific queries to the resolver, an attacker can cause named to crash↗2022-09-22

▶

OSV

CVE-2022-3080: By sending specific queries to the resolver, an attacker can cause named to crash↗2022-09-21

▶

CVEList

BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly↗2022-09-21

▶

📋Vendor Advisories

Red Hat

bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly↗2022-09-21

▶

Ubuntu

Bind vulnerabilities↗2022-09-21

▶

Microsoft

BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly↗2022-09-13

▶

Debian

CVE-2022-3080: bind9 - By sending specific queries to the resolver, an attacker can cause named to cras...↗2022

▶