Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2022-3204

Published: 26/09/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Nlnetlabs

Vulnerability Summary

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

nlnetlabs unbound

fedoraproject fedora 35

fedoraproject fedora 36

fedoraproject fedora 37

Vendor Advisories

Red Hat: Moderate: unbound security update
Synopsis Moderate: unbound security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for unbound is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a se ...
Red Hat: Important: Red Hat OpenShift Service Mesh Containers for 2.4.0
Synopsis Important: Red Hat OpenShift Service Mesh Containers for 240 Type/Severity Security Advisory: Important Topic Red Hat OpenShift Service Mesh Containers for 240Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sev ...
Red Hat: Critical: Red Hat Advanced Cluster Management 2.5.9 security fixes and container updates
Synopsis Critical: Red Hat Advanced Cluster Management 259 security fixes and container updates Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 259 GeneralAvailability release images, which fix security issues and update container imagesRed Hat Product Security has rated this update as h ...
Red Hat: Important: OpenShift Container Platform 4.13.2 bug fix and security update
Synopsis Important: OpenShift Container Platform 4132 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4132 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift C ...
Amazon Linux 2: ALAS-2024-2451
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers The attack starts by querying a resolver for a record that relies on those unresponsive nameser ...
Amazon Linux 2: ALAS-2024-2467
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers The attack starts by querying a resolver for a record that relies on those unresponsive nameser ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...
Amazon Linux 2022: ALAS2022-2023-265
NLnet Labs Unbound, up to and including version 1161 is vulnerable to a novel type of the "ghost domain names" attack The vulnerability works by targeting an Unbound instance Unbound is queried for a subdomain of a rogue domain name The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache T ...

References

CWE-400https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txthttps://security.gentoo.org/glsa/202212-02https://lists.debian.org/debian-lts-announce/2023/03/msg00024.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3G2HS6CYPSIGAKO6QLEZPG3RD6AMPB7B/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35QGS5FBQTG3DBSK7QV67PA64P24ABHY/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4EU6DMJXQFMAIE6SLAH4H5RNRU6VQL/https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2023:2370https://alas.aws.amazon.com/AL2/ALAS-2024-2451.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook