Severity: 7.5 HIGH
EPSS: 13.9% (top 5.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 26

Description

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: isc/bind_9, 9.11.4-S1 to 9.11.37-S1 (+1)
NVD: isc/bind, 4 versions (+3)

🔴 Vulnerability Details (3)

GHSA
GHSA-pq6j-95q4-4mhj: Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can ca... (2023-01-26)
CVEList
named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries (2023-01-25)
GHSA
Improper beacon events in matrix-js-sdk can result in availability issues (2022-09-29)

📋 Vendor Advisories (2)

Red Hat
bind: processing specially crafted responses in quick succession may lead to assertion failure (2023-01-25)
Debian
CVE-2022-3488: bind9 - Processing of repeated responses to the same query, where both responses contain... (2022)