CVE-2022-0667
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ISC | BIND | 9.18.0 | affected |
Weaknesses
- In BIND 9.18.0 the recursive client code was refactored. This refactoring introduced a "backstop lifetime timer". While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate. Only the BIND 9.18 branch is affected. BIND 9.18.0
Workarounds
No workarounds known.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.