CVE-2022-3736

Опубликовано: 25 янв. 2023

Источник: redhat

CVSS3: 7.5

Описание

BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.

A flaw was found in Bind, where a resolver crash is possible. When stale cache and stale answers are enabled, the option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query.

Отчет

The flaw exists in the implementation of the stale-answer-client-timeout option, which was first effectively introduced in bind 9.16.12.

Меры по смягчению последствий

Setting stale-answer-client-timeout to 0 or to off/disabled will prevent BIND from crashing due to this issue.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	bind	Not affected
Red Hat Enterprise Linux 7	bind	Not affected
Red Hat Enterprise Linux 8	bind	Not affected
Red Hat Enterprise Linux 9	dhcp	Not affected
Red Hat Enterprise Linux 8	bind9.16	Fixed	RHSA-2023:2792	16.05.2023
Red Hat Enterprise Linux 9	bind	Fixed	RHSA-2023:2261	09.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=2164038bind: sending specific queries to the resolver may cause a DoS

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-3736

CVSS3: 7.5

ubuntu

больше 2 лет назад

BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.