cve/2022/CVE-2022-0396.md

### [CVE-2022-0396](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396)
![](https://img.shields.io/static/v1?label=Product&message=BIND&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Open%20Source%20Branch%209.169.16.11%20through%20versions%20before%209.16.27%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=ISC%20recently%20discovered%20an%20issue%20in%20BIND%20that%20allows%20TCP%20connection%20slots%20to%20be%20consumed%20for%20an%20indefinite%20time%20frame%20via%20a%20specifically%20crafted%20TCP%20stream%20sent%20from%20a%20client.%20This%20issue%20is%20present%20in%20BIND.%20BIND%209.16.11%20-%3E%209.16.26%2C%209.17.0%20-%3E%209.18.0%20and%20versions%209.16.11-S1%20-%3E%209.16.26-S1%20of%20the%20BIND%20Supported%20Preview%20Edition.%209.16.11%20to%209.16.26%20(including%20S%20editions)%2C%20and%209.18.0.%20This%20issue%20can%20only%20be%20triggered%20on%20BIND%20servers%20which%20have%20keep-response-order%20enabled%2C%20which%20is%20not%20the%20default%20configuration.%20The%20keep-response-order%20option%20is%20an%20ACL%20block%3B%20any%20hosts%20which%20are%20specified%20within%20it%20will%20be%20able%20to%20trigger%20this%20issue%20on%20affected%20versions.%20BIND%209.16.11%20-%3E%209.16.26%2C%209.17.0%20-%3E%209.18.0%20and%20versions%209.16.11-S1%20-%3E%209.16.26-S1%20of%20the%20BIND%20Supported%20Preview%20Edition.&color=brighgreen)

### Description

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-0396](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396)`
			`![](https://img.shields.io/static/v1?label=Product&message=BIND&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=Open%20Source%20Branch%209.169.16.11%20through%20versions%20before%209.16.27%20&color=brighgreen)`
			![](https://img.shields.io/static/v1?label=Vulnerability&message=ISC%20recently%20discovered%20an%20issue%20in%20BIND%20that%20allows%20TCP%20connection%20slots%20to%20be%20consumed%20for%20an%20indefinite%20time%20frame%20via%20a%20specifically%20crafted%20TCP%20stream%20sent%20from%20a%20client.%20This%20issue%20is%20present%20in%20BIND.%20BIND%209.16.11%20-%3E%209.16.26%2C%209.17.0%20-%3E%209.18.0%20and%20versions%209.16.11-S1%20-%3E%209.16.26-S1%20of%20the%20BIND%20Supported%20Preview%20Edition.%209.16.11%20to%209.16.26%20(including%20S%20editions)%2C%20and%209.18.0.%20This%20issue%20can%20only%20be%20triggered%20on%20BIND%20servers%20which%20have%20keep-response-order%20enabled%2C%20which%20is%20not%20the%20default%20configuration.%20The%20keep-response-order%20option%20is%20an%20ACL%20block%3B%20any%20hosts%20which%20are%20specified%20within%20it%20will%20be%20able%20to%20trigger%20this%20issue%20on%20affected%20versions.%20BIND%209.16.11%20-%3E%209.16.26%2C%209.17.0%20-%3E%209.18.0%20and%20versions%209.16.11-S1%20-%3E%209.16.26-S1%20of%20the%20BIND%20Supported%20Preview%20Edition.&color=brighgreen)

			`### Description`

			`BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`