CVE-2022-1183
Vulnerability from cvelistv5
Published
2022-05-19 09:55
Modified
2024-09-17 04:00
Severity ?
EPSS score ?
Summary
Destroying a TLS session early causes assertion failure
References
▼ | URL | Tags | |
---|---|---|---|
security-officer@isc.org | https://kb.isc.org/docs/cve-2022-1183 | Vendor Advisory | |
security-officer@isc.org | https://security.netapp.com/advisory/ntap-20220707-0002/ | Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:55:24.306Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-1183" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220707-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIND9", "vendor": "ISC", "versions": [ { "status": "affected", "version": "Open Source Branch 9.18 9.18.0 through versions before 9.18.3" }, { "status": "affected", "version": "Development Branch 9.19 9.19.0" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Thomas Amgarten from arcade solutions ag for bringing this vulnerability to our attention." } ], "datePublic": "2022-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -\u003e 9.18.2 and version 9.19.0 of the BIND 9.19 development branch." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "In BIND 9.18.0 -\u003e 9.18.2 and version 9.19.0 of the BIND 9.19 development branch, an assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-07T14:07:24", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/docs/cve-2022-1183" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220707-0002/" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.18.3 or BIND 9.19.1." } ], "source": { "discovery": "EXTERNAL" }, "title": "Destroying a TLS session early causes assertion failure", "workarounds": [ { "lang": "en", "value": "No workarounds known." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2022-05-18T13:36:59.000Z", "ID": "CVE-2022-1183", "STATE": "PUBLIC", "TITLE": "Destroying a TLS session early causes assertion failure" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIND9", "version": { "version_data": [ { "version_name": "Open Source Branch 9.18", "version_value": "9.18.0 through versions before 9.18.3" }, { "version_name": "Development Branch 9.19", "version_value": "9.19.0" } ] } } ] }, "vendor_name": "ISC" } ] } }, "credit": [ { "lang": "eng", "value": "ISC would like to thank Thomas Amgarten from arcade solutions ag for bringing this vulnerability to our attention." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -\u003e 9.18.2 and version 9.19.0 of the BIND 9.19 development branch." } ] }, "exploit": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "In BIND 9.18.0 -\u003e 9.18.2 and version 9.19.0 of the BIND 9.19 development branch, an assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early." } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.isc.org/docs/cve-2022-1183", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/cve-2022-1183" }, { "name": "https://security.netapp.com/advisory/ntap-20220707-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220707-0002/" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.18.3 or BIND 9.19.1." } ], "source": { "discovery": "EXTERNAL" }, "work_around": [ { "lang": "en", "value": "No workarounds known." } ] } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-1183", "datePublished": "2022-05-19T09:55:09.565075Z", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2024-09-17T04:00:26.575Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-1183\",\"sourceIdentifier\":\"security-officer@isc.org\",\"published\":\"2022-05-19T10:15:09.413\",\"lastModified\":\"2022-10-07T15:26:26.393\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -\u003e 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.\"},{\"lang\":\"es\",\"value\":\"En configuraciones vulnerables, el demonio nombrado puede, en algunas circunstancias, terminar con un fallo de aserci\u00f3n. Las configuraciones vulnerables son aquellas que incluyen una referencia a http dentro de las declaraciones listen-on en su named.conf. Tanto DNS sobre TLS (DoT) como DNS sobre HTTPS (DoH) usan TLS, pero las configuraciones que s\u00f3lo usan DoT no est\u00e1n afectadas. Afecta a BIND versiones 9.18.0 -) 9.18.2 y versi\u00f3n 9.19.0 de la rama de desarrollo de BIND 9.19\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"security-officer@isc.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"9.18.0\",\"versionEndIncluding\":\"9.18.2\",\"matchCriteriaId\":\"8D1E15FC-FE27-47D0-9040-E1F805EB54BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.19.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"89DBF1A6-1A50-42EC-85E9-0E2021B2769E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDF61B7-EC5C-467C-B710-B89F502CD04F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]}]}],\"references\":[{\"url\":\"https://kb.isc.org/docs/cve-2022-1183\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220707-0002/\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.