Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-0635

Опубликовано: 16 мар. 2022
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.

An assertion check flaw was found in BIND, with a refactoration of RFC 8198 Aggressive Use of the DNSSEC-Validated Cache feature (synth-from-dnssec). The repeated patterns of specific queries to servers with this feature enabled could cause an INSIST failure in query.c:query_dname, which results in unexpected termination. This flaw allows a remote attacker to use a series of specific queries to trigger a failed assertion check that causes the named process to terminate, leading to a denial of service.

Отчет

The vulnerability affects BIND resolvers running 9.18.0 with both dnssec-validation and synth-from-dnssec enabled. (Note that dnssec-validation auto; is the default setting unless configured otherwise in named.conf and that enabling dnssec-validation automatically enables synth-from-dnssec unless explicitly disabled) This flaw only affects BIND-9.18.0, whereas Red Hat ships BIND-9.16 and lower versions. Therefore, versions of BIND shipped with Red Hat Products are not affected by this flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6bindNot affected
Red Hat Enterprise Linux 7bindNot affected
Red Hat Enterprise Linux 8bindNot affected
Red Hat Enterprise Linux 8bind9.16Not affected
Red Hat Enterprise Linux 9bindNot affected
Red Hat Enterprise Linux 9dhcpNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-617
https://bugzilla.redhat.com/show_bug.cgi?id=2064514bind: Lookups involving a DNAME could trigger an assertion failure when 'synth-from-dnssec' was enabled (which is the default)

EPSS

Процентиль: 73%
0.00779
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-0635

CVSS3: 7.5
ubuntu
около 3 лет назад

Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.

nvd логотип

CVE-2022-0635

CVSS3: 7.5
nvd
около 3 лет назад

Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.

debian логотип

CVE-2022-0635

CVSS3: 7.5
debian
около 3 лет назад

Versions affected: BIND 9.18.0 When a vulnerable version of named rece ...

github логотип

GHSA-q778-7mc2-5qmc

CVSS3: 7.5
github
около 3 лет назад

Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.

fstec логотип

BDU:2023-02161

CVSS3: 7.5
fstec
около 3 лет назад

Уязвимость сервера DNS BIND, связанная с неудачной проверкой утверждения, которая приводит к неполной очистке, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании»

EPSS

Процентиль: 73%
0.00779
Низкий

7.5 High

CVSS3

Уязвимость CVE-2022-0635