CVE-2022-3204Uncontrolled Resource Consumption in Labs Unbound

CWE-400Uncontrolled Resource Consumption8 documents8 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 42.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Nlnetlabs UnboundNlnet Labs UnboundFedoraproject Fedora
Timeline
PublishedSep 26
Latest updateNov 17

Description

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable numbe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Debiannlnetlabs/unbound< 1.13.1-1+deb11u1+3
NVDnlnetlabs/unbound1.16.2
CVEListV5nlnet_labs/unboundunspecified1.16.2

Also affects: Fedora 35, 36, 37

🔴Vulnerability Details

3
GHSA
GHSA-7mc5-x7xh-682h: A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software2022-09-27
CVEList
NRDelegation Attack2022-09-26
OSV
CVE-2022-3204: A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software2022-09-26

📋Vendor Advisories

4
Ubuntu
Unbound vulnerability2022-11-17
Red Hat
unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack)2022-09-21
Microsoft
NRDelegation Attack2022-09-13
Debian
CVE-2022-3204: unbound - A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) h...2022
CVE-2022-3204 — Uncontrolled Resource Consumption | cvebase