CVE-2022-3736

EPSS 1.14%
Veröffentlicht 26.01.2023 21:15:57
Zuletzt bearbeitet 01.04.2025 15:15:53
Quelle security-officer@isc.org
Teams Watchlist Login
Unerledigt Login

BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query.
This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Isc ≫ Bind SwEdition- Version >= 9.16.12 < 9.16.37

Isc ≫ Bind SwEdition- Version >= 9.18.0 < 9.18.11

Isc ≫ Bind SwEdition- Version >= 9.19.0 < 9.19.9

Isc ≫ Bind Version9.16.11 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.16.13 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.16.14 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.16.21 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.16.32 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.16.36 Updates1 SwEditionsupported_preview

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.14%	0.777

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-officer@isc.org	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://kb.isc.org/docs/cve-2022-3736

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3736

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3736

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3736

EUVD