CVE-2022-1183
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ISC | BIND9 | Open Source Branch 9.18 9.18.0 through versions before 9.18.3 | affected |
| ISC | BIND9 | Development Branch 9.19 9.19.0 | affected |
Weaknesses
- In BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch, an assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early.
Workarounds
No workarounds known.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.