
11968 matches found

AlpineLinux
added 2023/01/25 9:39 p.m., 75 views

CVE-2022-3924

This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...

CVSS 7.5, AI score 7.6, EPSS 0.16445
Exploits: 0

CVE
added 2023/01/25 9:39 p.m., 593 views

CVE-2022-3924

CVE-2022-3924 is a vulnerability in ISC BIND where stale-answer-client-timeout (enabled with a positive value) can cause a race between returning a stale answer and an early SERVFAIL, potentially triggering an assertion failure and DoS. Affected are BIND 9.16.12–9.16.36, 9.18.0–9.18.10, 9.19.0–9....

CVSS 7.5, AI score 7.5, EPSS 0.16445
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/01/25 9:39 p.m., 38 views

CVE-2022-3736 named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries

BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and...

CVSS 7.5, AI score 7.7, EPSS 0.5017
Exploits: 0, References: 1

Vulnrichment
added 2023/01/25 9:39 p.m., 14 views

CVE-2022-3736 named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries

BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and...

CVSS 7.5, AI score 7.1, EPSS 0.5017
Exploits: 0, References: 1

Debian CVE
added 2023/01/25 9:39 p.m., 41 views

CVE-2022-3736

BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and...

CVSS 7.5, AI score 7.7, EPSS 0.5017
Exploits: 0

CVE
added 2023/01/25 9:39 p.m., 558 views

CVE-2022-3736

CVE-2022-3736 affects ISC BIND 9 resolvers. When stale-answer-cache is enabled and stale-answer-timeout is >0, receiving an RRSIG query can cause named to crash. Affected versions include 9.16.12–9.16.36, 9.18.0–9.18.10, 9.19.0–9.19.8 (and associated S1 builds). Patches exist: remediation is t...

CVSS 7.5, AI score 7.5, EPSS 0.5017
Exploits: 0, References: 1, Affected Software: 1

AlpineLinux
added 2023/01/25 9:39 p.m., 51 views

CVE-2022-3736

BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and...

CVSS 7.5, AI score 7.7, EPSS 0.5017
Exploits: 0

Vulnrichment
added 2023/01/25 9:37 p.m., 9 views

CVE-2022-3488 named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such a...

CVSS 7.5, AI score 7, EPSS 0.19045
Exploits: 0, References: 1

CVE
added 2023/01/25 9:37 p.m., 108 views

CVE-2022-3488

ISC BIND is affected by CVE-2022-3488: when a resolver processes repeated responses to the same query that include ECS pseudo-options, if the first response is broken, the named process can exit with an assertion failure. Affected are BIND 9.x releases: 9.11.4-S1–9.11.37-S1 and 9.16.8-S1–9.16.36-...

CVSS 7.5, AI score 7.3, EPSS 0.19045
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/01/25 9:37 p.m., 33 views

CVE-2022-3488 named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such a...

CVSS 7.5, AI score 7.6, EPSS 0.19045
Exploits: 0, References: 1

Debian CVE
added 2023/01/25 9:37 p.m., 36 views

CVE-2022-3488

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such a...

CVSS 7.5, AI score 7.7, EPSS 0.19045
Exploits: 0

Cvelist
added 2023/01/25 9:34 p.m., 56 views

CVE-2022-3094 An UPDATE message flood may cause named to exhaust all available memory

Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions ACLs and is...

CVSS 7.5, AI score 7.8, EPSS 0.13108
Exploits: 0, References: 1

CVE
added 2023/01/25 9:34 p.m., 682 views

CVE-2022-3094

CVE-2022-3094 affects ISC BIND and allows denial of service by flooding dynamic DNS UPDATE requests. A memory allocation occurs before ACL checks, and memory retained for accepted clients can exhaust resources; memory for non-permitted clients is released on rejection. The impact is a DoS (availa...

CVSS 7.5, AI score 7.2, EPSS 0.13108
Exploits: 0, References: 1, Affected Software: 1

Debian CVE
added 2023/01/25 9:34 p.m., 48 views

CVE-2022-3094

Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions ACLs and is...

CVSS 7.5, AI score 7, EPSS 0.13108
Exploits: 0

Vulnrichment
added 2023/01/25 9:34 p.m., 18 views

CVE-2022-3094 An UPDATE message flood may cause named to exhaust all available memory

Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions ACLs and is...

CVSS 7.5, AI score 7.1, EPSS 0.13108
Exploits: 0, References: 1

AlpineLinux
added 2023/01/25 9:34 p.m., 43 views

CVE-2022-3094

Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions ACLs and is...

CVSS 7.5, AI score 7.5, EPSS 0.13108
Exploits: 0

Ubuntu
added 2023/01/25 5:56 p.m., 83 views

USN-5827-1: Bind vulnerabilities

Rob Schulhof discovered that Bind incorrectly handled a large number of UPDATE messages. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. CVE-2022-3094 Borja Marcos discovered that Bind incorrectly handled certain RRSIG queries....

CVSS 7.5, AI score 7.4, EPSS 0.5017
Exploits: 0

RedhatCVE
added 2023/01/25 4:14 p.m., 71 views

CVE-2022-3924

A flaw was found in Bind. When resolver receives many queries requiring recursion, there will be a corresponding increase in the number of clients waiting for recursion to complete. This may, under certain conditions, lead to an assertion failure and a denial of service. Mitigation Disabling...

CVSS 7.5, AI score 7.2, EPSS 0.16445
Exploits: 0, References: 4

RedhatCVE
added 2023/01/25 4:13 p.m., 59 views

CVE-2022-3736

A flaw was found in Bind, where a resolver crash is possible. When stale cache and stale answers are enabled, the option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. Mitigation Setting stale-answer-client-timeout to 0 or to off/disabled will...

CVSS 7.5, AI score 7.3, EPSS 0.5017
Exploits: 0, References: 4

RedhatCVE
added 2023/01/25 4:13 p.m., 49 views

CVE-2022-3094

A flaw was found in Bind, where sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This issue may cause named to slow down due to a lack of free memory, resulting in a denial of service DoS...

CVSS 6.5, AI score 7.2, EPSS 0.13108
Exploits: 0, References: 4