VDB
CISA-2022-3080
CISA-2022-3080
PUBLISHED
CVSS 7.5 HIGH
Reported by isc · Published September 21, 2022
By sending specific queries to the resolver, an attacker can cause named to crash.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ISC | BIND9 | Open Source Branch 9.16 9.16.14 through versions before 9.16.33, Open Source Branch 9.18 9.18.0 through versions before 9.18.7, Supported Preview Branch 9.16-S 9.16.14-S1 through versions before 9.16.33-S1 |
| ISC | BIND9 | Open Source Branch 9.16 9.16.14 through versions before 9.16.33, *, Development Branch 9.19 9.19.0 through versions before 9.19.5 |
| fedoraproject | fedora | 36, 35, 37 |
| isc | bind | 9.16.14, 9.19.0, 9.16.32 |
Timeline
- Sep 21, 2022 CVE Published
- Sep 17, 2024 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
References
- [oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178) mailing-list
- DSA-5235 vendor-advisory
- FEDORA-2022-ef038365de vendor-advisory
- FEDORA-2022-8268735e06 vendor-advisory
- FEDORA-2022-b197d64471 vendor-advisory
- GLSA-202210-25 vendor-advisory