Lucene search

[email protected]CVE-2022-0396

HistoryMar 23, 2022 - 11:15 a.m.

CVE-2022-0396

2022-03-2311:15:00

CWE-404

[email protected]

web.nvd.nist.gov

196

cve-2022-0396

bind

9.16.11

9.16.26

9.17.0

9.18.0

tcp streams

close_wait

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

56.3%

JSON

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

CPENameOperatorVersion
isc:bindisc bindle9.18.0
isc:bindisc bindlt9.16.27
fedoraproject:fedorafedoraproject fedoraeq34
fedoraproject:fedorafedoraproject fedoraeq35
fedoraproject:fedorafedoraproject fedoraeq36
netapp:h300s_firmwarenetapp h300s firmwareeq-
netapp:h500s_firmwarenetapp h500s firmwareeq-
netapp:h700s_firmwarenetapp h700s firmwareeq-
netapp:h300e_firmwarenetapp h300e firmwareeq-
netapp:h500e_firmwarenetapp h500e firmwareeq-

CPE	Name	Operator	Version
isc:bind	isc bind	le	9.18.0
isc:bind	isc bind	lt	9.16.27
fedoraproject:fedora	fedoraproject fedora	eq	34
fedoraproject:fedora	fedoraproject fedora	eq	35
fedoraproject:fedora	fedoraproject fedora	eq	36
netapp:h300s_firmware	netapp h300s firmware	eq	-
netapp:h500s_firmware	netapp h500s firmware	eq	-
netapp:h700s_firmware	netapp h700s firmware	eq	-
netapp:h300e_firmware	netapp h300e firmware	eq	-
netapp:h500e_firmware	netapp h500e firmware	eq	-