Lucene search

[email protected]CVE-2022-1183

HistoryMay 19, 2022 - 10:15 a.m.

CVE-2022-1183

2022-05-1910:15:09

CWE-617

[email protected]

web.nvd.nist.gov

136

cve-2022-1183

vulnerability

named daemon

bind 9

assertion failure

dns

tls

dot

doh

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

40.7%

JSON

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.

Affected configurations

NVD

Node

iscbindRange9.18.0–9.18.2-

iscbindMatch9.19.0-

Node

netapph410cMatch-

AND

netapph410c_firmwareMatch-

Node

netapph300sMatch-

AND

netapph300s_firmwareMatch-

Node

netapph500sMatch-

AND

netapph500s_firmwareMatch-

Node

netapph700sMatch-

AND

netapph700s_firmwareMatch-

Node

netapph410sMatch-

AND

netapph410s_firmwareMatch-

CPENameOperatorVersion
isc:bindisc bindle9.18.2
isc:bindisc bindeq9.19.0

CPE	Name	Operator	Version
isc:bind	isc bind	le	9.18.2
isc:bind	isc bind	eq	9.19.0

CNA Affected

[
  {
    "product": "BIND9",
    "vendor": "ISC",
    "versions": [
      {
        "status": "affected",
        "version": "Open Source Branch 9.18 9.18.0 through versions before 9.18.3"
      },
      {
        "status": "affected",
        "version": "Development Branch 9.19 9.19.0"
      }
    ]
  }
]