{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3080", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "dateUpdated": "2024-09-17T01:56:40.440Z", "dateReserved": "2022-09-01T00:00:00", "datePublished": "2022-09-21T10:15:29.861874Z"}, "containers": {"cna": {"title": "BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly", "datePublic": "2022-09-21T00:00:00", "providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2024-06-21T19:08:09.899226"}, "descriptions": [{"lang": "en", "value": "By sending specific queries to the resolver, an attacker can cause named to crash."}], "affected": [{"vendor": "ISC", "product": "BIND9", "versions": [{"version": "Open Source Branch 9.16 9.16.14 through versions before 9.16.33", "status": "affected"}, {"version": "Open Source Branch 9.18 9.18.0 through versions before 9.18.7", "status": "affected"}, {"version": "Supported Preview Branch 9.16-S 9.16.14-S1 through versions before 9.16.33-S1", "status": "affected"}, {"version": "Development Branch 9.19 9.19.0 through versions before 9.19.5", "status": "affected"}]}], "references": [{"url": "https://kb.isc.org/docs/cve-2022-3080"}, {"name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"}, {"name": "DSA-5235", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5235"}, {"name": "FEDORA-2022-ef038365de", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"}, {"name": "FEDORA-2022-8268735e06", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"}, {"name": "FEDORA-2022-b197d64471", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"}, {"name": "GLSA-202210-25", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202210-25"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0002/"}], "credits": [{"lang": "en", "value": "ISC would like to thank Maksym Odinintsev for bringing this vulnerability to our attention."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "In BIND 9.16.14 -> 9.16.32, 9.18.0 -> 9.18.6, versions 9.16.14-S1 -> 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -> 9.19.4 of the BIND 9.19 development branch, a BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query."}]}], "source": {"discovery": "EXTERNAL"}, "workarounds": [{"lang": "en", "value": "Setting stale-answer-client-timeout to off or to an integer greater than 0 will prevent BIND from crashing due to this issue."}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.16.33, BIND 9.18.7, BIND 9.19.5, or for BIND Supported Preview Edition (a special feature preview branch of BIND provided to eligible ISC support customers): BIND 9.16.33-S1."}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-613", "lang": "en", "description": "CWE-613 Insufficient Session Expiration"}]}], "affected": [{"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "35", "status": "affected"}]}, {"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "36", "status": "affected"}]}, {"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "37", "status": "affected"}]}, {"vendor": "isc", "product": "bind", "cpes": ["cpe:2.3:a:isc:bind:9.16.14:-:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.16.14:s1:*:*:supported_preview:*:*:*", "cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*", "cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*", "cpe:2.3:a:isc:bind:9.18.0:*:*:*:-:*:*:*", "cpe:2.3:a:isc:bind:9.19.0:*:*:*:-:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.16.14", "status": "affected", "lessThan": "9.16.33", "versionType": "custom"}, {"version": "9.16.14", "status": "affected"}, {"version": "9.16.21", "status": "affected"}, {"version": "9.16.32", "status": "affected"}, {"version": "9.18.0", "status": "affected", "lessThan": "9.18.7", "versionType": "custom"}, {"version": "9.19.0", "status": "affected", "lessThan": "9.19.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T19:18:15.810751Z", "id": "CVE-2022-3080", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T18:41:59.985Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.486Z"}, "title": "CVE Program Container", "references": [{"url": "https://kb.isc.org/docs/cve-2022-3080", "tags": ["x_transferred"]}, {"name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"}, {"name": "DSA-5235", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5235"}, {"name": "FEDORA-2022-ef038365de", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"}, {"name": "FEDORA-2022-8268735e06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"}, {"name": "FEDORA-2022-b197d64471", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"}, {"name": "GLSA-202210-25", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202210-25"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0002/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://kb.isc.org/docs/cve-2022-3080", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/21/3", "name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.debian.org/security/2022/dsa-5235", "name": "DSA-5235", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/", "name": "FEDORA-2022-ef038365de", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/", "name": "FEDORA-2022-8268735e06", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/", "name": "FEDORA-2022-b197d64471", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202210-25", "name": "GLSA-202210-25", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0002/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.486Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-3080", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T19:18:15.810751Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "35"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "36"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "37"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:isc:bind:9.16.14:-:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.16.14:s1:*:*:supported_preview:*:*:*", "cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*", "cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*", "cpe:2.3:a:isc:bind:9.18.0:*:*:*:-:*:*:*", "cpe:2.3:a:isc:bind:9.19.0:*:*:*:-:*:*:*"], "vendor": "isc", "product": "bind", "versions": [{"status": "affected", "version": "9.16.14", "lessThan": "9.16.33", "versionType": "custom"}, {"status": "affected", "version": "9.16.14"}, {"status": "affected", "version": "9.16.21"}, {"status": "affected", "version": "9.16.32"}, {"status": "affected", "version": "9.18.0", "lessThan": "9.18.7", "versionType": "custom"}, {"status": "affected", "version": "9.19.0", "lessThan": "9.19.5", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T17:21:09.396Z"}}], "cna": {"title": "BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "ISC would like to thank Maksym Odinintsev for bringing this vulnerability to our attention."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ISC", "product": "BIND9", "versions": [{"status": "affected", "version": "Open Source Branch 9.16 9.16.14 through versions before 9.16.33"}, {"status": "affected", "version": "Open Source Branch 9.18 9.18.0 through versions before 9.18.7"}, {"status": "affected", "version": "Supported Preview Branch 9.16-S 9.16.14-S1 through versions before 9.16.33-S1"}, {"status": "affected", "version": "Development Branch 9.19 9.19.0 through versions before 9.19.5"}]}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.16.33, BIND 9.18.7, BIND 9.19.5, or for BIND Supported Preview Edition (a special feature preview branch of BIND provided to eligible ISC support customers): BIND 9.16.33-S1."}], "datePublic": "2022-09-21T00:00:00", "references": [{"url": "https://kb.isc.org/docs/cve-2022-3080"}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/21/3", "name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)", "tags": ["mailing-list"]}, {"url": "https://www.debian.org/security/2022/dsa-5235", "name": "DSA-5235", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/", "name": "FEDORA-2022-ef038365de", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/", "name": "FEDORA-2022-8268735e06", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/", "name": "FEDORA-2022-b197d64471", "tags": ["vendor-advisory"]}, {"url": "https://security.gentoo.org/glsa/202210-25", "name": "GLSA-202210-25", "tags": ["vendor-advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0002/"}], "workarounds": [{"lang": "en", "value": "Setting stale-answer-client-timeout to off or to an integer greater than 0 will prevent BIND from crashing due to this issue."}], "descriptions": [{"lang": "en", "value": "By sending specific queries to the resolver, an attacker can cause named to crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "In BIND 9.16.14 -> 9.16.32, 9.18.0 -> 9.18.6, versions 9.16.14-S1 -> 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -> 9.19.4 of the BIND 9.19 development branch, a BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query."}]}], "providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2024-06-21T19:08:09.899226"}}}, "cveMetadata": {"cveId": "CVE-2022-3080", "state": "PUBLISHED", "dateUpdated": "2024-09-17T01:56:40.440Z", "dateReserved": "2022-09-01T00:00:00", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "datePublished": "2022-09-21T10:15:29.861874Z", "assignerShortName": "isc"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "1C9E18B6-A092-411A-BFBD-65394106B180", "versionEndExcluding": "9.16.33", "versionStartIncluding": "9.16.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "BAE4B411-40F7-422D-8A5C-775ED1D00189", "versionEndExcluding": "9.18.7", "versionStartIncluding": "9.18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "3E1EC206-AC11-4A7E-9723-C4F69FF76892", "versionEndExcluding": "9.19.5", "versionStartIncluding": "9.19.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.14:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "53593603-E2AF-4925-A6E6-109F097A0FF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "751E37C2-8BFD-4306-95C1-8C01CE495FA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "CC432820-F1A2-4132-A673-2620119553C5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "By sending specific queries to the resolver, an attacker can cause named to crash."}, {"lang": "es", "value": "Mediante el env\u00edo de consultas espec\u00edficas al resolver, un atacante puede causar la ca\u00edda de named"}], "id": "CVE-2022-3080", "lastModified": "2024-11-21T07:18:46.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-21T11:15:09.787", "references": [{"source": "security-officer@isc.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"}, {"source": "security-officer@isc.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://kb.isc.org/docs/cve-2022-3080"}, {"source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"}, {"source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"}, {"source": "security-officer@isc.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-25"}, {"source": "security-officer@isc.org", "url": "https://security.netapp.com/advisory/ntap-20240621-0002/"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5235"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://kb.isc.org/docs/cve-2022-3080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240621-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5235"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-613"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Maksym Odinintsev for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:6781", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "bind9.16-32:9.16.23-0.7.el8_6.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-10-04T00:00:00Z"}, {"advisory": "RHSA-2022:6763", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "bind-32:9.16.23-1.el9_0.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-10-03T00:00:00Z"}], "bugzilla": {"description": "bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly", "id": "2128600", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128600"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["By sending specific queries to the resolver, an attacker can cause named to crash.", "A flaw was found in the Bind package, where the resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query. By sending specific queries to the resolver, an attacker can cause named to crash."], "name": "CVE-2022-3080", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dhcp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-09-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3080\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3080\nhttps://kb.isc.org/docs/cve-2022-3080"], "statement": "This issue affects versions 9.16.14 and higher of the Bind package. Therefore Red Hat Enterprise Linux 6 and 7 are not impacted.", "threat_severity": "Important", "upstream_fix": "bind 9.16.33, bind 9.18.7, bind 9.19.5"}