CVE-2022-0667

Summary

When the vulnerability is triggered the BIND process will exit. BIND 9.18.0

Affected Software

VendorProductVersion RangeStatus
ISCBIND9.18.0affected

Weaknesses

  • In BIND 9.18.0 the recursive client code was refactored. This refactoring introduced a "backstop lifetime timer". While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate. Only the BIND 9.18 branch is affected. BIND 9.18.0

Workarounds

No workarounds known.

ADP Enrichment

CVE Program Container

Additional References

References