{
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"data_version" : "4.0" ,
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-09-21T09:39:29.000Z" ,
"ID" : "CVE-2022-3080" ,
"ASSIGNER" : "security-officer@isc.org" ,
"STATE" : "PUBLIC" ,
"TITLE" : "BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIND9" ,
"version" : {
"version_data" : [
{
"version_name" : "Open Source Branch 9.16" ,
"version_value" : "9.16.14 through versions before 9.16.33"
} ,
{
"version_name" : "Open Source Branch 9.18" ,
"version_value" : "9.18.0 through versions before 9.18.7"
} ,
{
"version_name" : "Supported Preview Branch 9.16-S" ,
"version_value" : "9.16.14-S1 through versions before 9.16.33-S1"
} ,
{
"version_name" : "Development Branch 9.19" ,
"version_value" : "9.19.0 through versions before 9.19.5"
}
]
}
}
]
} ,
"vendor_name" : "ISC"
}
]
}
} ,
"credit" : [
{
"lang" : "eng" ,
"value" : "ISC would like to thank Maksym Odinintsev for bringing this vulnerability to our attention."
}
] ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "By sending specific queries to the resolver, an attacker can cause named to crash."
}
]
} ,
"exploit" : [
{
"lang" : "eng" ,
"value" : "We are not aware of any active exploits."
}
] ,
"impact" : {
"cvss" : {
"attackComplexity" : "LOW" ,
"attackVector" : "NETWORK" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.5 ,
"baseSeverity" : "HIGH" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"privilegesRequired" : "NONE" ,
"scope" : "UNCHANGED" ,
"userInteraction" : "NONE" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" ,
"version" : "3.1"
}
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "In BIND 9.16.14 -> 9.16.32, 9.18.0 -> 9.18.6, versions 9.16.14-S1 -> 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -> 9.19.4 of the BIND 9.19 development branch, a BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query."
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "https://kb.isc.org/docs/cve-2022-3080" ,
"refsource" : "CONFIRM" ,
"url" : "https://kb.isc.org/docs/cve-2022-3080"
} ,
{
"refsource" : "MLIST" ,
"name" : "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)" ,
"url" : "http://www.openwall.com/lists/oss-security/2022/09/21/3"
} ,
{
"refsource" : "DEBIAN" ,
"name" : "DSA-5235" ,
"url" : "https://www.debian.org/security/2022/dsa-5235"
} ,
{
"refsource" : "FEDORA" ,
"name" : "FEDORA-2022-ef038365de" ,
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"
} ,
{
"refsource" : "FEDORA" ,
"name" : "FEDORA-2022-8268735e06" ,
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"
} ,
{
"refsource" : "FEDORA" ,
"name" : "FEDORA-2022-b197d64471" ,
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"
} ,
{
"refsource" : "GENTOO" ,
"name" : "GLSA-202210-25" ,
"url" : "https://security.gentoo.org/glsa/202210-25"
}
]
} ,
"solution" : [
{
"lang" : "eng" ,
"value" : "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.16.33, BIND 9.18.7, BIND 9.19.5, or for BIND Supported Preview Edition (a special feature preview branch of BIND provided to eligible ISC support customers): BIND 9.16.33-S1."
}
] ,
"source" : {
"discovery" : "EXTERNAL"
} ,
"work_around" : [
{
"lang" : "eng" ,
"value" : "Setting stale-answer-client-timeout to off or to an integer greater than 0 will prevent BIND from crashing due to this issue."
}
]
}