CVE-2022-2881

Summary

The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.

Affected Software

VendorProductVersion RangeStatus
ISCBIND9Open Source Branch 9.18 9.18.0 through versions before 9.18.7affected
ISCBIND9Development Branch 9.19 9.19.0 through versions before 9.19.5affected

Weaknesses

  • In BIND 9.18.0 -> 9.18.6 and versions 9.19.0 -> 9.19.4 of the BIND 9.19 development branch, when an HTTP connection was reused to request statistics from the stats channel, the content length of successive responses could grow in size past the end of the allocated buffer.

Workarounds

Disable the statistics channel.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References