CVE-2022-2795

Summary

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

Affected Software

VendorProductVersion RangeStatus
ISCBIND9Open Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33affected
ISCBIND9Open Source Branch 9.18 9.18.0 through versions before 9.18.7affected
ISCBIND9Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions up to and including 9.11.37-S1affected
ISCBIND9Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1affected
ISCBIND9Development Branch 9.19 9.19.0 through versions before 9.19.5affected

Weaknesses

  • In BIND 9.0.0 -> 9.16.32, 9.18.0 -> 9.18.6, versions 9.9.3-S1 -> 9.11.37-S1, 9.16.8-S1 -> 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -> 9.19.4 of the BIND 9.19 development branch, a flaw in resolver code can cause named to spend excessive amounts of time on processing large delegations.

Workarounds

No workarounds known.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References