CVE-2022-3488

EPSS 7.97%
Published 26.01.2023 21:15:52
Last modified 01.04.2025 15:15:52
Source security-officer@isc.org
Teams watchlist Login
Open Login

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure.

'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name.
This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Isc ≫ Bind Version9.11.4 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.37 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.16.8 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.16.36 Updates1 SwEditionsupported_preview

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.97%	0.917

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-officer@isc.org	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://kb.isc.org/docs/cve-2022-3488

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3488

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3488

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3488

EUVD