Vulnerability-Lookup

WID-SEC-W-2022-0969

Vulnerability from csaf_certbund - Published: 2022-03-16 23:00 - Updated: 2025-11-20 23:00

Summary

Internet Systems Consortium BIND: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme: - Linux - MacOS X - Sonstiges - UNIX - Windows

CVE-2021-25220

CVE-2022-0396

CVE-2022-0635

CVE-2022-0667

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://kb.isc.org/docs/CVE-2021-25220	external
	https://kb.isc.org/docs/cve-2022-0396	external
	https://kb.isc.org/docs/cve-2022-0635	external
	https://kb.isc.org/docs/cve-2022-0667	external
	https://support.infoblox.com/s/article/BloxOne-DD…	external
	https://support.infoblox.com/s/article/000007820	external
	https://support.infoblox.com/s/article/000007818	external
	https://ubuntu.com/security/notices/USN-5332-1	external
	https://ubuntu.com/security/notices/USN-5332-2	external
	https://lists.debian.org/debian-lts-announce/2022…	external
	https://lists.debian.org/debian-security-announce…	external
	https://lists.debian.org/debian-lts-announce/2022…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://security.archlinux.org/ASA-202204-5	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://alas.aws.amazon.com/AL2022/ALAS-2022-138.html	external
	https://security.gentoo.org/glsa/202210-25	external
	https://alas.aws.amazon.com/AL2022/ALAS-2022-166.html	external
	https://access.redhat.com/errata/RHSA-2022:7790	external
	https://access.redhat.com/errata/RHSA-2022:7643	external
	https://access.redhat.com/errata/RHSA-2022:8068	external
	https://access.redhat.com/errata/RHSA-2022:8385	external
	https://access.redhat.com/errata/RHSA-2023:0402	external
	https://lists.centos.org/pipermail/centos-announc…	external
	https://alas.aws.amazon.com/AL2/ALAS-2023-2001.html	external
	https://access.redhat.com/errata/RHSA-2025:21741	external
	https://access.redhat.com/errata/RHSA-2025:21740	external
	https://access.redhat.com/errata/RHSA-2025:21889	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0969 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0969.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0969 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0969"
      },
      {
        "category": "external",
        "summary": "ISC Security Advisory vom 2022-03-16",
        "url": "https://kb.isc.org/docs/CVE-2021-25220"
      },
      {
        "category": "external",
        "summary": "ISC Security Advisory vom 2022-03-16",
        "url": "https://kb.isc.org/docs/cve-2022-0396"
      },
      {
        "category": "external",
        "summary": "ISC Security Advisory vom 2022-03-16",
        "url": "https://kb.isc.org/docs/cve-2022-0635"
      },
      {
        "category": "external",
        "summary": "ISC Security Advisory vom 2022-03-16",
        "url": "https://kb.isc.org/docs/cve-2022-0667"
      },
      {
        "category": "external",
        "summary": "Infoblox Security Advisory vom 2022-03-16",
        "url": "https://support.infoblox.com/s/article/BloxOne-DDI-DNS-is-vulnerable-to-CVE-2022-0396"
      },
      {
        "category": "external",
        "summary": "Infoblox Security Advisory vom 2022-03-16",
        "url": "https://support.infoblox.com/s/article/000007820"
      },
      {
        "category": "external",
        "summary": "Infoblox Security Advisory vom 2022-03-16",
        "url": "https://support.infoblox.com/s/article/000007818"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5332-1 vom 2022-03-17",
        "url": "https://ubuntu.com/security/notices/USN-5332-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5332-2 vom 2022-03-17",
        "url": "https://ubuntu.com/security/notices/USN-5332-2"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2955 vom 2022-03-19",
        "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00026.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5105 vom 2022-03-18",
        "url": "https://lists.debian.org/debian-security-announce/2022/msg00073.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2955 vom 2022-03-19",
        "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00027.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:0908-1 vom 2022-03-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010486.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:0946-1 vom 2022-03-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010510.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:0945-1 vom 2022-03-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010511.html"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202204-5 vom 2022-04-05",
        "url": "https://security.archlinux.org/ASA-202204-5"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:1616-1 vom 2022-05-31",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011206.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2713-1 vom 2022-08-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011832.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2022-138 vom 2022-09-29",
        "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-138.html"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202210-25 vom 2022-10-31",
        "url": "https://security.gentoo.org/glsa/202210-25"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2022-166 vom 2022-11-04",
        "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-166.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7790 vom 2022-11-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:7790"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7643 vom 2022-11-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:7643"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8068 vom 2022-11-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:8068"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8385 vom 2022-11-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:8385"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0402 vom 2023-01-24",
        "url": "https://access.redhat.com/errata/RHSA-2023:0402"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2023:0402 vom 2023-01-30",
        "url": "https://lists.centos.org/pipermail/centos-announce/2023-January/086358.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-2001 vom 2023-03-22",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2001.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:21741 vom 2025-11-19",
        "url": "https://access.redhat.com/errata/RHSA-2025:21741"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:21740 vom 2025-11-19",
        "url": "https://access.redhat.com/errata/RHSA-2025:21740"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:21889 vom 2025-11-20",
        "url": "https://access.redhat.com/errata/RHSA-2025:21889"
      }
    ],
    "source_lang": "en-US",
    "title": "Internet Systems Consortium BIND: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-20T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-21T08:22:54.125+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2022-0969",
      "initial_release_date": "2022-03-16T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-03-16T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-03-17T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Infoblox aufgenommen"
        },
        {
          "date": "2022-03-20T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2022-03-21T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-03-24T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-04-04T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Arch Linux aufgenommen"
        },
        {
          "date": "2022-04-13T22:00:00.000+00:00",
          "number": "7",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-3F293290C3"
        },
        {
          "date": "2022-04-18T22:00:00.000+00:00",
          "number": "8",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-05918F0838, FEDORA-2022-A88218DE5C"
        },
        {
          "date": "2022-05-31T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-08-09T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-09-29T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-10-30T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2022-11-06T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-11-08T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-11-15T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-01-24T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-01-30T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2023-03-21T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-11-18T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-11-20T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "20"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Infoblox DDI",
            "product": {
              "name": "Infoblox DDI",
              "product_id": "T022362",
              "product_identification_helper": {
                "cpe": "cpe:/a:infoblox:ddi:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Infoblox NIOS",
            "product": {
              "name": "Infoblox NIOS",
              "product_id": "T014068",
              "product_identification_helper": {
                "cpe": "cpe:/o:infoblox:nios:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Infoblox"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.11.37",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.11.37",
                  "product_id": "T022357"
                }
              },
              {
                "category": "product_version",
                "name": "9.11.37",
                "product": {
                  "name": "Internet Systems Consortium BIND 9.11.37",
                  "product_id": "T022357-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:isc:bind:9.11.37"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.16.27",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.16.27",
                  "product_id": "T022358"
                }
              },
              {
                "category": "product_version",
                "name": "9.16.27",
                "product": {
                  "name": "Internet Systems Consortium BIND 9.16.27",
                  "product_id": "T022358-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:isc:bind:9.16.27"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.18.1",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.18.1",
                  "product_id": "T022359"
                }
              },
              {
                "category": "product_version",
                "name": "9.18.1",
                "product": {
                  "name": "Internet Systems Consortium BIND 9.18.1",
                  "product_id": "T022359-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:isc:bind:9.18.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BIND"
          }
        ],
        "category": "vendor",
        "name": "Internet Systems Consortium"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Arch Linux",
            "product": {
              "name": "Open Source Arch Linux",
              "product_id": "T013312",
              "product_identification_helper": {
                "cpe": "cpe:/o:archlinux:archlinux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-25220",
      "product_status": {
        "known_affected": [
          "67646",
          "T013312",
          "T012167",
          "T014068",
          "2951",
          "T002207",
          "T022357",
          "T000126",
          "T022358",
          "T022359",
          "398363",
          "1727",
          "T022362"
        ]
      },
      "release_date": "2022-03-16T23:00:00.000+00:00",
      "title": "CVE-2021-25220"
    },
    {
      "cve": "CVE-2022-0396",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T022358",
          "T022359",
          "T013312",
          "398363",
          "T012167",
          "1727",
          "T014068",
          "T022362"
        ]
      },
      "release_date": "2022-03-16T23:00:00.000+00:00",
      "title": "CVE-2022-0396"
    },
    {
      "cve": "CVE-2022-0635",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T022359",
          "T013312",
          "398363",
          "T012167",
          "1727"
        ]
      },
      "release_date": "2022-03-16T23:00:00.000+00:00",
      "title": "CVE-2022-0635"
    },
    {
      "cve": "CVE-2022-0667",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T022359",
          "T013312",
          "398363",
          "T012167",
          "1727"
        ]
      },
      "release_date": "2022-03-16T23:00:00.000+00:00",
      "title": "CVE-2022-0667"
    }
  ]
}

CVE-2021-25220 (GCVE-0-2021-25220)

Vulnerability from cvelistv5 – Published: 2022-03-23 12:50 – Updated: 2024-09-16 17:08

Title

DNS forwarders - cache poisoning vulnerability

Summary

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

CWE

When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. Some examples of configurations that will be vulnerable are: Resolvers using per zone or global forwarding with forward first (forward first is the default). Resolvers not using global forwarding, but with per-zone forwarding with either forward first (the default) or forward only. Resolvers configured with global forwarding along with zone statements that disable forwarding for part of the DNS namespace. Authoritative-only BIND 9 servers are not vulnerable to this flaw. BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.

Assigner

isc

References

URL

Tags

	https://kb.isc.org/v1/docs/cve-2021-25220
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://security.netapp.com/advisory/ntap-2022040…
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://cert-portal.siemens.com/productcert/pdf/s…
	https://security.gentoo.org/glsa/202210-25	vendor-advisory
	https://supportportal.juniper.net/s/article/2022-…

Impacted products

	Vendor	Product	Version
	ISC	BIND	Affected: Open Source Branch 9.11 9.11.0 through versions before 9.11.37 Affected: Development Branch 9.17 BIND 9.17 all version Affected: Open Source Branch 9.12-16 9.12.0 through versions before 9.16.27 Affected: Open Source Branch 9.18 9.18.0 Affected: Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S Affected: Supported Preview Branch 9.16-S 9.16.0-S through versions before 9.16.27-S

Date Public ?

2022-03-16 00:00

Credits

ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from Network and Information Security Lab, Tsinghua University and Changgen Zou from Qi An Xin Group Corp. for discovering and reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/v1/docs/cve-2021-25220"
          },
          {
            "name": "FEDORA-2022-14e36aac0c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
          },
          {
            "name": "FEDORA-2022-042d9c6146",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
          },
          {
            "name": "FEDORA-2022-a88218de5c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/"
          },
          {
            "name": "FEDORA-2022-05918f0838",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/"
          },
          {
            "name": "FEDORA-2022-3f293290c3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          },
          {
            "name": "GLSA-202210-25",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-25"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "Open Source Branch 9.11  9.11.0 through versions before 9.11.37"
            },
            {
              "status": "affected",
              "version": "Development Branch 9.17  BIND 9.17 all version"
            },
            {
              "status": "affected",
              "version": "Open Source Branch 9.12-16  9.12.0 through versions before 9.16.27"
            },
            {
              "status": "affected",
              "version": "Open Source Branch 9.18 9.18.0"
            },
            {
              "status": "affected",
              "version": "Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S"
            },
            {
              "status": "affected",
              "version": "Supported Preview Branch 9.16-S  9.16.0-S through versions before 9.16.27-S"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from Network and Information Security Lab, Tsinghua University and Changgen Zou from Qi An Xin Group Corp. for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-03-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "BIND 9.11.0 -\u003e 9.11.36 9.12.0 -\u003e 9.16.26 9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -\u003e 9.11.36-S1 9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. Some examples of configurations that will be vulnerable are:     Resolvers using per zone or global forwarding with forward first (forward first is the default).     Resolvers not using global forwarding, but with per-zone forwarding with either forward first (the default) or forward only.     Resolvers configured with global forwarding along with zone statements that disable forwarding for part of the DNS namespace. Authoritative-only BIND 9 servers are not vulnerable to this flaw. BIND     9.11.0 -\u003e 9.11.36     9.12.0 -\u003e 9.16.26     9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions:     9.11.4-S1 -\u003e 9.11.36-S1     9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-23T00:00:00.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "url": "https://kb.isc.org/v1/docs/cve-2021-25220"
        },
        {
          "name": "FEDORA-2022-14e36aac0c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
        },
        {
          "name": "FEDORA-2022-042d9c6146",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
        },
        {
          "name": "FEDORA-2022-a88218de5c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/"
        },
        {
          "name": "FEDORA-2022-05918f0838",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/"
        },
        {
          "name": "FEDORA-2022-3f293290c3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        },
        {
          "name": "GLSA-202210-25",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-25"
        },
        {
          "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND:\n    BIND 9.11.37\n    BIND 9.16.27\n    BIND 9.18.1\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n    BIND 9.11.37-S1\n    BIND 9.16.27-S1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "DNS forwarders - cache poisoning vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "If applicable, modify your configuration to either remove all forwarding or all possibility of recursion. Depending on your use-case, it may be possible to use other zone types to replace forward zones.\nActive exploits: We are not aware of any active exploits."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2021-25220",
    "datePublished": "2022-03-23T12:50:10.367Z",
    "dateReserved": "2021-01-15T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:08:54.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0667 (GCVE-0-2022-0667)

Vulnerability from cvelistv5 – Published: 2022-03-22 11:15 – Updated: 2024-09-16 22:20

Title

Assertion failure on delayed DS lookup

Summary

When the vulnerability is triggered the BIND process will exit. BIND 9.18.0

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

In BIND 9.18.0 the recursive client code was refactored. This refactoring introduced a "backstop lifetime timer". While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate. Only the BIND 9.18 branch is affected. BIND 9.18.0

Assigner

isc

References

URL

Tags

	https://kb.isc.org/v1/docs/cve-2022-0667	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2022040…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ISC	BIND	Affected: 9.18.0

Date Public ?

2022-03-16 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/v1/docs/cve-2022-0667"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "all"
          ],
          "product": "BIND",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "9.18.0"
            }
          ]
        }
      ],
      "datePublic": "2022-03-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "When the vulnerability is triggered the BIND process will exit. BIND 9.18.0"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "In BIND 9.18.0 the recursive client code was refactored. This refactoring introduced a \"backstop lifetime timer\".  While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate.  Only the BIND 9.18 branch is affected. BIND 9.18.0",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-08T22:06:15.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/v1/docs/cve-2022-0667"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Users of BIND 9.18.0 should upgrade to BIND 9.18.1"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Assertion failure on delayed DS lookup",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2022-03-16T19:00:00.000Z",
          "ID": "CVE-2022-0667",
          "STATE": "PUBLIC",
          "TITLE": "Assertion failure on delayed DS lookup"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND",
                      "version": {
                        "version_data": [
                          {
                            "platform": "all",
                            "version_affected": "=",
                            "version_name": "9.18.0",
                            "version_value": "9.18.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When the vulnerability is triggered the BIND process will exit. BIND 9.18.0"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "In BIND 9.18.0 the recursive client code was refactored. This refactoring introduced a \"backstop lifetime timer\".  While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate.  Only the BIND 9.18 branch is affected. BIND 9.18.0"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/v1/docs/cve-2022-0667",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/v1/docs/cve-2022-0667"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220408-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Users of BIND 9.18.0 should upgrade to BIND 9.18.1"
          }
        ],
        "source": {
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "No workarounds known."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2022-0667",
    "datePublished": "2022-03-22T11:15:13.972Z",
    "dateReserved": "2022-02-17T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:20:53.204Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0396 (GCVE-0-2022-0396)

Vulnerability from cvelistv5 – Published: 2022-03-23 10:45 – Updated: 2024-09-16 19:05

Title

DoS from specifically crafted TCP packets

Summary

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

ISC recently discovered an issue in BIND that allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This issue is present in BIND. BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. 9.16.11 to 9.16.26 (including S editions), and 9.18.0. This issue can only be triggered on BIND servers which have keep-response-order enabled, which is not the default configuration. The keep-response-order option is an ACL block; any hosts which are specified within it will be able to trigger this issue on affected versions. BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition.

Assigner

isc

References

URL

Tags

	https://kb.isc.org/v1/docs/cve-2022-0396
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://security.netapp.com/advisory/ntap-2022040…
	https://cert-portal.siemens.com/productcert/pdf/s…
	https://security.gentoo.org/glsa/202210-25	vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	BIND	Affected: Open Source Branch 9.16 9.16.11 through versions before 9.16.27 Affected: Development Branch 9.17 BIND 9.17 all versions Affected: Open Source Branch 9.18 9.18.0 Affected: Supported Preview Branch 9.16-S 9.16.11-S through versions before 9.16.27-S

Date Public ?

2022-03-16 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:25:40.544Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/v1/docs/cve-2022-0396"
          },
          {
            "name": "FEDORA-2022-14e36aac0c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          },
          {
            "name": "GLSA-202210-25",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-25"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "Open Source Branch 9.16 9.16.11 through versions before 9.16.27"
            },
            {
              "status": "affected",
              "version": "Development Branch 9.17 BIND 9.17 all versions"
            },
            {
              "status": "affected",
              "version": "Open Source Branch 9.18 9.18.0"
            },
            {
              "status": "affected",
              "version": "Supported Preview Branch 9.16-S 9.16.11-S through versions before 9.16.27-S"
            }
          ]
        }
      ],
      "datePublic": "2022-03-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "BIND 9.16.11 -\u003e 9.16.26, 9.17.0 -\u003e 9.18.0 and versions 9.16.11-S1 -\u003e 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "ISC recently discovered an issue in BIND that allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This issue is present in BIND. BIND 9.16.11 -\u003e 9.16.26, 9.17.0 -\u003e 9.18.0 and versions 9.16.11-S1 -\u003e 9.16.26-S1 of the BIND Supported Preview Edition. 9.16.11 to 9.16.26 (including S editions), and 9.18.0. This issue can only be triggered on BIND servers which have keep-response-order enabled, which is not the default configuration. The keep-response-order option is an ACL block; any hosts which are specified within it will be able to trigger this issue on affected versions. BIND 9.16.11 -\u003e 9.16.26, 9.17.0 -\u003e 9.18.0 and versions 9.16.11-S1 -\u003e 9.16.26-S1 of the BIND Supported Preview Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "url": "https://kb.isc.org/v1/docs/cve-2022-0396"
        },
        {
          "name": "FEDORA-2022-14e36aac0c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        },
        {
          "name": "GLSA-202210-25",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-25"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND:\n    9.16.27\n    9.18.1\nBIND Supported Preview Edition is a special feature-preview branch of BIND provided to eligible ISC support customers.\n    9.16.27-S1"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "DoS from specifically crafted TCP packets",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue in all affected versions of BIND, use the default setting of keep-response-order { none; }.\nActive exploits: We are not aware of any active exploits."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2022-0396",
    "datePublished": "2022-03-23T10:45:13.589Z",
    "dateReserved": "2022-01-27T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:05:24.544Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0635 (GCVE-0-2022-0635)

Vulnerability from cvelistv5 – Published: 2022-03-23 11:55 – Updated: 2024-09-17 02:21

Summary

Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

We refactored the RFC 8198 Aggressive Use of DNSSEC-Validated Cache feature (synth-from-dnssec) for the new BIND 9.18.0 stable release, and changed the default so that is now automatically enabled for dnssec-validating resolvers. Subsequently it was found that repeated patterns of specific queries to servers with this feature enabled could cause an INSIST failure in query.c:query_dname which causes named to terminate unexpectedly. The vulnerability affects BIND resolvers running 9.18.0 that have both dnssec-validation and synth-from-dnssec enabled. (Note that dnssec-validation auto; is the default setting unless configured otherwise in named.conf and that enabling dnssec-validation automatically enables synth-from-dnssec unless explicitly disabled) Versions affected: BIND 9.18.0

Assigner

isc

References

URL

Tags

	https://kb.isc.org/v1/docs/cve-2022-0635	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2022040…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ISC	BIND	Affected: Open Source Branch 9.18 9.18.0

Date Public ?

2022-03-16 00:00

Credits

ISC would like to thank Vincent Levigneron of AFNIC for reporting this issue to us and for verifying the fix and workaround.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.460Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/v1/docs/cve-2022-0635"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "Open Source Branch 9.18 9.18.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Vincent Levigneron of AFNIC for reporting this issue to us and for verifying the fix and workaround."
        }
      ],
      "datePublic": "2022-03-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "We refactored the RFC 8198 Aggressive Use of DNSSEC-Validated Cache feature (synth-from-dnssec) for the new BIND 9.18.0 stable release, and changed the default so that is now automatically enabled for dnssec-validating resolvers. Subsequently it was found that repeated patterns of specific queries to servers with this feature enabled could cause an INSIST failure in query.c:query_dname which causes named to terminate unexpectedly. The vulnerability affects BIND resolvers running 9.18.0 that have both dnssec-validation and synth-from-dnssec enabled. (Note that dnssec-validation auto; is the default setting unless configured otherwise in named.conf and that enabling dnssec-validation automatically enables synth-from-dnssec unless explicitly disabled) Versions affected: BIND 9.18.0",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-08T22:06:11.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/v1/docs/cve-2022-0635"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Users of BIND 9.18.0 should upgrade to BIND 9.18.1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "workarounds": [
        {
          "lang": "en",
          "value": "The failure can be avoided by adding this option to named.conf:\nsynth-from-dnssec no;"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2022-03-16T11:00:00.000Z",
          "ID": "CVE-2022-0635",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "Open Source Branch 9.18",
                            "version_value": "9.18.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Vincent Levigneron of AFNIC for reporting this issue to us and for verifying the fix and workaround."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "We refactored the RFC 8198 Aggressive Use of DNSSEC-Validated Cache feature (synth-from-dnssec) for the new BIND 9.18.0 stable release, and changed the default so that is now automatically enabled for dnssec-validating resolvers. Subsequently it was found that repeated patterns of specific queries to servers with this feature enabled could cause an INSIST failure in query.c:query_dname which causes named to terminate unexpectedly. The vulnerability affects BIND resolvers running 9.18.0 that have both dnssec-validation and synth-from-dnssec enabled. (Note that dnssec-validation auto; is the default setting unless configured otherwise in named.conf and that enabling dnssec-validation automatically enables synth-from-dnssec unless explicitly disabled) Versions affected: BIND 9.18.0"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/v1/docs/cve-2022-0635",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/v1/docs/cve-2022-0635"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220408-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Users of BIND 9.18.0 should upgrade to BIND 9.18.1"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "The failure can be avoided by adding this option to named.conf:\nsynth-from-dnssec no;"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2022-0635",
    "datePublished": "2022-03-23T11:55:10.058Z",
    "dateReserved": "2022-02-16T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:21:44.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2022-0969

CVE-2021-25220 (GCVE-0-2021-25220)

CVE-2022-0667 (GCVE-0-2022-0667)

CVE-2022-0396 (GCVE-0-2022-0396)

CVE-2022-0635 (GCVE-0-2022-0635)

Tags

Sightings

Nomenclature