CVE-2022-3736
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query.
This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ISC | BIND 9 | 9.16.12 <= 9.16.36 | affected |
| ISC | BIND 9 | 9.18.0 <= 9.18.10 | affected |
| ISC | BIND 9 | 9.19.0 <= 9.19.8 | affected |
| ISC | BIND 9 | 9.16.12-S1 <= 9.16.36-S1 | affected |
Weaknesses
- n/a
Workarounds
Setting stale-answer-client-timeout to 0 or to off/disabled will prevent BIND from crashing due to this issue.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.