vulnerability

ISC BIND: BIND Supported Preview Edition named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries (CVE-2022-3488)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Jan 26, 2023	Mar 7, 2023	Mar 27, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Jan 26, 2023

Added

Mar 7, 2023

Modified

Mar 27, 2026

Description

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure.

'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name.
This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.

Solution

upgrade-isc-bind-latest

References

CVE-2022-3488
https://attackerkb.com/topics/CVE-2022-3488
CWE-617
EUVD-EUVD-2022-42860
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-42860
https://kb.isc.org/v1/docs/cve-2022-3488

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report