FKIE_CVE-2022-2795

Vulnerability from fkie_nvd - Published: 2022-09-21 11:15 - Updated: 2024-11-29 12:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
References
security-officer@isc.orghttp://www.openwall.com/lists/oss-security/2022/09/21/3Mailing List, Patch, Third Party Advisory
security-officer@isc.orghttps://kb.isc.org/docs/cve-2022-2795Patch, Vendor Advisory
security-officer@isc.orghttps://lists.debian.org/debian-lts-announce/2022/10/msg00007.htmlMailing List, Third Party Advisory
security-officer@isc.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
security-officer@isc.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
security-officer@isc.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
security-officer@isc.orghttps://security.gentoo.org/glsa/202210-25Third Party Advisory
security-officer@isc.orghttps://www.debian.org/security/2022/dsa-5235Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2022/09/21/3Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/docs/cve-2022-2795Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/10/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202210-25Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20241129-0002/
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5235Third Party Advisory
Impacted products
Vendor Product Version
isc bind *
isc bind *
isc bind *
isc bind 9.9.3
isc bind 9.9.3
isc bind 9.9.12
isc bind 9.9.13
isc bind 9.10.5
isc bind 9.10.7
isc bind 9.11.3
isc bind 9.11.5
isc bind 9.11.5
isc bind 9.11.5
isc bind 9.11.5
isc bind 9.11.6
isc bind 9.11.7
isc bind 9.11.8
isc bind 9.11.12
isc bind 9.11.14-s1
isc bind 9.11.19-s1
isc bind 9.11.21
isc bind 9.11.27
isc bind 9.11.29
isc bind 9.11.35
isc bind 9.11.37
isc bind 9.16.8
isc bind 9.16.11
isc bind 9.16.13
isc bind 9.16.21
isc bind 9.16.32
debian debian_linux 10.0
debian debian_linux 11.0
fedoraproject fedora 35
fedoraproject fedora 36
fedoraproject fedora 37
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "6CF2AFF8-9D61-442F-98BE-C08FA09C2AD3",
              "versionEndExcluding": "9.16.33",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "BAE4B411-40F7-422D-8A5C-775ED1D00189",
              "versionEndExcluding": "9.18.7",
              "versionStartIncluding": "9.18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "3E1EC206-AC11-4A7E-9723-C4F69FF76892",
              "versionEndExcluding": "9.19.5",
              "versionStartIncluding": "9.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*",
              "matchCriteriaId": "A01B5F4E-1F55-4DED-BF30-E0B436D8B965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "40EE014B-0CD8-45F3-BEDB-AE6368A78B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "DAF8FA8C-0526-4389-AEC6-92AD62AA3929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "1A9BA952-A5DF-4CBA-8928-0B373C013C32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "CAD41122-C5D8-4256-8CB7-FF88DCD96A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "6243685F-1E5B-4FF6-AE1B-44798032FBA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "C2FE13E1-0646-46FC-875B-CB4C34E20101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*",
              "matchCriteriaId": "B6F72F80-D178-4F6D-8D16-85C0DEEE275B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "1AA16E51-819C-4A1B-B66E-1C60C1782C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "91533F9F-C0E5-4E84-8A4C-F744F956BF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.5:s6:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "46E6A4BD-D69B-4A70-821D-5612DD1315EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "8AF9D390-0D5B-4963-A2D3-BF1E7CD95E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "AB2B92F1-6BA8-41CA-9000-E0633462CC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "02CA4635-7DFC-408E-A837-856E0F96CA1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.12:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "3CABCB08-B838-45F7-AA87-77C6B8767DD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.14-s1:*:*:*:preview:*:*:*",
              "matchCriteriaId": "FB597385-BCFD-4CDB-9328-B4F76D586E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.19-s1:*:*:*:preview:*:*:*",
              "matchCriteriaId": "42C76CEF-FD0B-40A4-B246-A71F3EC72B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "5CC1F26C-4757-4C87-BD8B-2FA456A88C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.27:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "582A4948-B64F-45D4-807A-846A85BB6B42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.29:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "F22E7F6A-0714-480D-ACDF-5027FD6697B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.35:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "255AEB06-F071-4433-93E5-9436086C1A6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.37:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "EF14D712-5FCF-492F-BE3E-745109E9D6E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "288EAD80-574B-4839-9C2C-81D6D088A733",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "3595F024-F910-4356-8B5B-D478960FF574",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "94661BA2-27F8-4FFE-B844-9404F735579D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "751E37C2-8BFD-4306-95C1-8C01CE495FA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "CC432820-F1A2-4132-A673-2620119553C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver\u0027s performance, effectively denying legitimate clients access to the DNS resolution service."
    },
    {
      "lang": "es",
      "value": "Al inundar el resolvedor de destino con consultas que explotan este fallo, un atacante puede perjudicar significativamente el rendimiento del resolvedor, negando efectivamente a los clientes leg\u00edtimos el acceso al servicio de resoluci\u00f3n DNS"
    }
  ],
  "id": "CVE-2022-2795",
  "lastModified": "2024-11-29T12:15:04.500",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security-officer@isc.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-21T11:15:09.470",
  "references": [
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/cve-2022-2795"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
    },
    {
      "source": "security-officer@isc.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"
    },
    {
      "source": "security-officer@isc.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"
    },
    {
      "source": "security-officer@isc.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-25"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/cve-2022-2795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-25"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20241129-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5235"
    }
  ],
  "sourceIdentifier": "security-officer@isc.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.