Rapid7 Vulnerability & Exploit Database

ISC BIND: BIND Supported Preview Edition named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries (CVE-2022-3488)

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

ISC BIND: BIND Supported Preview Edition named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries (CVE-2022-3488)

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
01/26/2023
Created
03/08/2023
Added
03/07/2023
Modified
11/08/2023

Description

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.

Solution(s)

  • upgrade-isc-bind-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;