CVE-2022-3924

Published: 26/01/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 up to and including 9.16.36, 9.18.0 up to and including 9.18.10, 9.19.0 up to and including 9.19.8, and 9.16.12-S1 up to and including 9.16.36-S1.
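A triage check for the two conditions in the summary above (affected version and the serve-stale options), as an added example that is not code from ISC or from this page. The function names and the sample configuration are assumptions made for illustration, and the check only sees options set explicitly in the text it is given, not built-in defaults.

```python
import re

# Inclusive affected ranges, taken from the summary above.
AFFECTED = [((9, 16, 12), (9, 16, 36)),
            ((9, 18, 0), (9, 18, 10)),
            ((9, 19, 0), (9, 19, 8))]
TRUE_WORDS = {"yes", "true", "1"}  # spellings named accepts for a boolean "on"

def version_affected(version):
    """True if e.g. '9.16.33' or '9.16.33-S1' falls in an affected range."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(-S\d+)?", version)
    if not m:
        raise ValueError(f"unrecognised BIND version: {version!r}")
    v = tuple(int(x) for x in m.group(1, 2, 3))
    if m.group(4) and v[:2] != (9, 16):
        return False  # the summary lists -S editions only for 9.16
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def strip_comments(conf):
    """Remove /* */, // and # comments (not handled inside quoted strings)."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", conf)

def config_exposed(conf):
    """True if stale answers are enabled and a client timeout > 0 is set."""
    conf = strip_comments(conf)
    enabled = any(w.lower() in TRUE_WORDS
                  for w in re.findall(r"\bstale-answer-enable\s+(\w+)\s*;", conf))
    timeouts = re.findall(r"\bstale-answer-client-timeout\s+(\w+)\s*;", conf)
    positive = any(t.isdigit() and int(t) > 0 for t in timeouts)
    return enabled and positive

def is_affected(version, conf):
    """Both conditions from the summary must hold."""
    return version_affected(version) and config_exposed(conf)

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONF = """
options {
    recursion yes;
    stale-answer-enable yes;          // serve-stale on
    stale-answer-client-timeout 1800; # milliseconds
};
"""

if __name__ == "__main__":
    for ver in ("9.16.36", "9.16.37", "9.18.10-S1"):
        print(ver, is_affected(ver, SAMPLE_CONF))
```

Feeding it the output of `named-checkconf -p` covers included files as well. Distribution packages often backport fixes without changing the upstream version number, so a version match on a packaged build should be confirmed against the vendor advisory.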

Vulnerable Product

isc bind 9.16.13

isc bind 9.16.21

isc bind 9.16.32

isc bind 9.16.14

isc bind

isc bind 9.16.36

isc bind 9.16.12

Vendor Advisories

Several security issues were fixed in Bind ...
Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service against named. For the stable distribution (bullseye), these problems have been fixed in version 1:91637-1~deb11u1. We recommend that you upgrade your bind9 packages. For the detailed security status of bind9 please refer to its sec ...
Synopsis: Moderate: bind916 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for bind916 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update ...
Synopsis: Moderate: bind security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as havin ...
Synopsis: Important: OpenShift Container Platform 4132 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4132 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift C ...
Synopsis: Important: Red Hat OpenShift Data Foundation 4130 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4130 on Red Hat Enterprise Linux 9. Red Hat ...
Description: A flaw was found in Bind. When resolver receives many queries requiring recursion, there will be a corresponding increase in the number of clients waiting for recursion to complete. This may, under certain conditions, lead to an assertion failure and a denial of service.