fkie_cve-2022-3094
Vulnerability from fkie_nvd
Published
2023-01-26 21:15
Modified
2024-11-21 07:18
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.
References
security-officer@isc.orghttps://kb.isc.org/docs/cve-2022-3094Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/docs/cve-2022-3094Vendor Advisory
Impacted products
Vendor Product Version
isc bind *
isc bind *
isc bind *
isc bind 9.16.8
isc bind 9.16.11
isc bind 9.16.13
isc bind 9.16.14
isc bind 9.16.21
isc bind 9.16.32
isc bind 9.16.36


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "3D7D78D4-7431-442A-8E69-532822116ED3",
                     versionEndExcluding: "9.16.37",
                     versionStartIncluding: "9.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "92119B97-ADE6-47C0-B3E2-3B05C08A0B99",
                     versionEndExcluding: "9.18.11",
                     versionStartIncluding: "9.18.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "CB820E6D-F56C-4222-A3FF-3A02266FD68B",
                     versionEndExcluding: "9.19.9",
                     versionStartIncluding: "9.19.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*",
                     matchCriteriaId: "288EAD80-574B-4839-9C2C-81D6D088A733",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*",
                     matchCriteriaId: "3595F024-F910-4356-8B5B-D478960FF574",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*",
                     matchCriteriaId: "94661BA2-27F8-4FFE-B844-9404F735579D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:isc:bind:9.16.14:s1:*:*:supported_preview:*:*:*",
                     matchCriteriaId: "53593603-E2AF-4925-A6E6-109F097A0FF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*",
                     matchCriteriaId: "751E37C2-8BFD-4306-95C1-8C01CE495FA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*",
                     matchCriteriaId: "CC432820-F1A2-4132-A673-2620119553C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:isc:bind:9.16.36:s1:*:*:supported_preview:*:*:*",
                     matchCriteriaId: "F70347F2-6750-4497-B8F4-2036F4F4443A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited.\n\nMemory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes.\n\nIf a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome.\n\nBIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.",
      },
      {
         lang: "es",
         value: "El envío de una avalancha de actualizaciones dinámicas de DNS puede hacer que \"\"named\"\" asigne grandes cantidades de memoria. Esto, a su vez, puede provocar que \"\"named\"\" se cierre debido a la falta de memoria libre.\n\nNo conocemos ningún caso en el que esto haya sido explotado. La memoria se asigna antes de verificar los permisos de acceso (ACL) y se retiene durante el procesamiento de una actualización dinámica de un cliente cuyas credenciales de acceso se aceptan. La memoria asignada a los clientes a los que no se les permite enviar actualizaciones se libera inmediatamente después del rechazo. Por lo tanto, el alcance de esta vulnerabilidad se limita a clientes confiables a quienes se les permite realizar cambios de zona dinámicos. \n\nSi se RECHAZA una actualización dinámica, la memoria se liberará nuevamente muy rápidamente. Por lo tanto, es probable que sólo sea posible degradar o detener \"\"named\"\" enviando una avalancha de actualizaciones dinámicas no aceptadas comparable en magnitud a una avalancha de consultas destinadas a lograr el mismo resultado perjudicial. \n\nBIND 9.11 y ramas anteriores también se ven afectadas, pero por el agotamiento de los recursos internos en lugar de por limitaciones de memoria. Esto puede reducir el rendimiento, pero no debería ser un problema importante para la mayoría de los servidores. Por lo tanto, no pretendemos abordar este problema para las versiones de BIND anteriores a BIND 9.16. \n\nEste problema afecta a las versiones 9.16.0 a 9.16.36, 9.18.0 a 9.18.10, 9.19.0 a 9.19.8 y 9.16.8-S1 a 9.16.36-S1 de BIND 9.",
      },
   ],
   id: "CVE-2022-3094",
   lastModified: "2024-11-21T07:18:48.880",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "security-officer@isc.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-26T21:15:50.653",
   references: [
      {
         source: "security-officer@isc.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://kb.isc.org/docs/cve-2022-3094",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://kb.isc.org/docs/cve-2022-3094",
      },
   ],
   sourceIdentifier: "security-officer@isc.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.