7.5

CVE-2022-3736

BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query.
This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.

Data is provided by the National Vulnerability Database (NVD)
IscBind SwEdition- Version >= 9.16.12 < 9.16.37
IscBind SwEdition- Version >= 9.18.0 < 9.18.11
IscBind SwEdition- Version >= 9.19.0 < 9.19.9
IscBind Version9.16.11 Updates1 SwEditionsupported_preview
IscBind Version9.16.13 Updates1 SwEditionsupported_preview
IscBind Version9.16.14 Updates1 SwEditionsupported_preview
IscBind Version9.16.21 Updates1 SwEditionsupported_preview
IscBind Version9.16.32 Updates1 SwEditionsupported_preview
IscBind Version9.16.36 Updates1 SwEditionsupported_preview
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.14% 0.777
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-officer@isc.org 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.