CVE-2022-3080

Summary

By sending specific queries to the resolver, an attacker can cause named to crash.

Affected Software

VendorProductVersion RangeStatus
ISCBIND9Open Source Branch 9.16 9.16.14 through versions before 9.16.33affected
ISCBIND9Open Source Branch 9.18 9.18.0 through versions before 9.18.7affected
ISCBIND9Supported Preview Branch 9.16-S 9.16.14-S1 through versions before 9.16.33-S1affected
ISCBIND9Development Branch 9.19 9.19.0 through versions before 9.19.5affected

Weaknesses

  • In BIND 9.16.14 -> 9.16.32, 9.18.0 -> 9.18.6, versions 9.16.14-S1 -> 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -> 9.19.4 of the BIND 9.19 development branch, a BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query.

Workarounds

Setting stale-answer-client-timeout to off or to an integer greater than 0 will prevent BIND from crashing due to this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References