CVE-2022-3488

EPSS 7.97%
Veröffentlicht 26.01.2023 21:15:52
Zuletzt bearbeitet 01.04.2025 15:15:52
Quelle security-officer@isc.org
Teams Watchlist Login
Unerledigt Login

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure.

'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name.
This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Isc ≫ Bind Version9.11.4 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.37 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.16.8 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.16.36 Updates1 SwEditionsupported_preview

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.97%	0.917

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-officer@isc.org	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://kb.isc.org/docs/cve-2022-3488

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3488

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3488

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3488

EUVD