CVE-2022-0396
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ISC | BIND | Open Source Branch 9.16 9.16.11 through versions before 9.16.27 | affected |
| ISC | BIND | Development Branch 9.17 BIND 9.17 all versions | affected |
| ISC | BIND | Open Source Branch 9.18 9.18.0 | affected |
| ISC | BIND | Supported Preview Branch 9.16-S 9.16.11-S through versions before 9.16.27-S | affected |
Weaknesses
- ISC recently discovered an issue in BIND that allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This issue is present in BIND. BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. 9.16.11 to 9.16.26 (including S editions), and 9.18.0. This issue can only be triggered on BIND servers which have keep-response-order enabled, which is not the default configuration. The keep-response-order option is an ACL block; any hosts which are specified within it will be able to trigger this issue on affected versions. BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition.
Workarounds
To mitigate this issue in all affected versions of BIND, use the default setting of keep-response-order { none; }. Active exploits: We are not aware of any active exploits.
ADP Enrichment
CVE Program Container
Additional References
- https://kb.isc.org/v1/docs/cve-2022-0396
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/
- https://security.netapp.com/advisory/ntap-20220408-0001/
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- https://security.gentoo.org/glsa/202210-25
References
- https://kb.isc.org/v1/docs/cve-2022-0396
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/
- https://security.netapp.com/advisory/ntap-20220408-0001/
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- https://security.gentoo.org/glsa/202210-25
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.