CVE-2022-3204
published 2022-09-26
CVE-2022-3204: A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack…
Priority P3 · 38 · high · 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
1.26%
65.9th percentile
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non-responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | unbound | < unbound 1.16.3-1 (bookworm) | unbound 1.16.3-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_unbound_1.16.3-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_unbound_1.10.0-5_on_cbl_mariner_1.0 | — | — |
| nlnet_labs | unbound | unspecified – 1.16.2 | — |
| nlnetlabs | unbound | <= 1.16.2 | — |
| nlnetlabs | unbound | >= 0 < 1.13.1-1+deb11u1 | 1.13.1-1+deb11u1 |
| nlnetlabs | unbound | >= 0 < 1.16.3-1 | 1.16.3-1 |
| nlnetlabs | unbound | >= 0 < 1.16.3-1 | 1.16.3-1 |
| nlnetlabs | unbound | >= 0 < 1.16.3-1 | 1.16.3-1 |
CVSS provenance
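| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_msrc | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |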
CISA ICS
Hitachi Energy AFF66x
cisa_ics·2023-08-22·CVSS 7.4
[HIGH] Hitachi Energy AFF66x
ICS Advisory
## Hitachi Energy AFF66x
Release Date: August 22, 2023
Alert Code: ICSA-23-234-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: AFF66x
- Vulnerabilities: Cross-site Scripting, Use of Insufficiently Random Values, Origin Validation Error, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, NULL Pointer Dereference
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to compromise availability, integrity, and confidentiality of the targeted devices.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Hitachi Energy reports these vulnerabilities affect the following AFF660/665 products:
- AFF660/665
Ubuntu
Unbound vulnerability
vendor_ubuntu·2022-11-17
CVE-2022-3204 Unbound vulnerability
Title: Unbound vulnerability
Summary: Unbound could be made to stop responding if it received specially crafted
network traffic.
It was discovered that Unbound incorrectly handled delegations with a large
number of non-responsive nameservers. A remote attacker could possibly use
this issue to cause Unbound to consume resources, leading to a denial of
service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack)
vendor_redhat·2022-09-21·CVSS 7.5
CVE-2022-3204 [HIGH] unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack)
Microsoft
NRDelegation Attack
vendor_msrc·2022-09-13·CVSS 7.5
CVE-2022-3204 [HIGH] CWE-400 NRDelegation Attack
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
NLnet Labs: NLnet Labs
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure
Debian
CVE-2022-3204: unbound - A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) h...
vendor_debian·2022·CVSS 7.5
CVE-2022-3204 [HIGH] CVE-2022-3204: unbound - A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) h...
GHSA
GHSA-7mc5-x7xh-682h: A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software
ghsa_unreviewed·2022-09-27
CVE-2022-3204 [HIGH] CWE-400 GHSA-7mc5-x7xh-682h: A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software
OSV
CVE-2022-3204: A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software
osv·2022-09-26·CVSS 7.5
CVE-2022-3204 [HIGH] CVE-2022-3204: A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software
- https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35QGS5FBQTG3DBSK7QV67PA64P24ABHY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3G2HS6CYPSIGAKO6QLEZPG3RD6AMPB7B/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4EU6DMJXQFMAIE6SLAH4H5RNRU6VQL/
- https://security.gentoo.org/glsa/202212-02
- https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt
2022-09-26
Published