CVE-2022-2795

MEDIUM 5.3

Processing large delegations may severely degrade resolver performance

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

Vendor	isc
Product	bind9
Published	Sep 21, 2022
Last Updated	Nov 29, 2024

Stay Ahead of the Next One

Get instant alerts for isc bind9

Be the first to know when new medium vulnerabilities affecting isc bind9 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected Versions

ISC / BIND9

Open Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33 Open Source Branch 9.18 9.18.0 through versions before 9.18.7 Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions up to and including 9.11.37-S1 Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1 Development Branch 9.19 9.19.0 through versions before 9.19.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

Credits

ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat Bremler-Barr & Shani Stajnrod from Reichman University for bringing this vulnerability to our attention.