medium
5.3
CWE
404 459
Advisory Published
CVE Published
Updated

CVE-2022-0396: DoS from specifically crafted TCP packets

First published: Wed Mar 16 2022(Updated: )

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

Credit: security-officer@isc.org

Affected SoftwareAffected VersionHow to fix
redhat/bind9.16<32:9.16.23-0.9.el8.1
32:9.16.23-0.9.el8.1
redhat/bind<32:9.16.23-5.el9_1
32:9.16.23-5.el9_1
redhat/bind<9.16.27
9.16.27
redhat/bind<9.18.1
9.18.1
ISC BIND 9>=9.16.11<9.16.27
ISC BIND 9>=9.16.11<9.16.27
ISC BIND 9>=9.17.0<=9.18.0
Red Hat Fedora=34
Red Hat Fedora=35
Red Hat Fedora=36
NetApp Baseboard Management Controller Firmware
NetApp Baseboard Management Controller H300S
NetApp Baseboard Management Controller Firmware
NetApp Baseboard Management Controller H500S
NetApp Baseboard Management Controller Firmware
NetApp Baseboard Management Controller H700S
NetApp Baseboard Management Controller Firmware
NetApp Baseboard Management Controller H300E
NetApp Baseboard Management Controller H500E Firmware
NetApp Baseboard Management Controller H500E Firmware
NetApp Baseboard Management Controller H700E Firmware
NetApp Baseboard Management Controller H700E Firmware
NetApp Baseboard Management Controller Firmware
NetApp Baseboard Management Controller H410S
NetApp Baseboard Management Controller H410C
NetApp Baseboard Management Controller H410C Firmware
Siemens SINEC Ins<1.0
Siemens SINEC Ins=1.0
Siemens SINEC Ins=1.0-sp1
All of
NetApp H300S Firmware
NetApp H300S Firmware
All of
NetApp H500e Firmware
NetApp H500e Firmware
All of
NetApp H700S
NetApp H700S
All of
NetApp H300E
NetApp H300E Firmware
All of
NetApp H500S Firmware
NetApp H500e Firmware
All of
NetApp H700E
NetApp H700E
All of
NetApp H410S
NetApp H410S Firmware
All of
NetApp H410C
NetApp H410C Firmware

Remedy

To mitigate this issue in all affected versions of BIND, use the default setting of : ~~~ keep-response-order { none; } ~~~

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

Remedy

Upgrade to the patched release most closely related to your current version of BIND: 9.16.27 9.18.1 BIND Supported Preview Edition is a special feature-preview branch of BIND provided to eligible ISC support customers. 9.16.27-S1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the vulnerability ID for this BIND vulnerability?

    The vulnerability ID for this BIND vulnerability is CVE-2022-0396.

  • What is the severity of CVE-2022-0396?

    The severity of CVE-2022-0396 is medium.

  • How does the BIND vulnerability affect the software?

    The BIND vulnerability affects versions 9.16.11 to 9.16.26, 9.17.0 to 9.18.0, and versions 9.16.11-S1 to 9.16.26-S1 of BIND Supported.

  • How can a remote attacker exploit CVE-2022-0396?

    A remote attacker can exploit CVE-2022-0396 by sending specially crafted TCP streams to consume TCP connection slots indefinitely.

  • What is the recommended remedy for CVE-2022-0396?

    The recommended remedy for CVE-2022-0396 is to update to BIND version 9.16.27 or 9.18.1 depending on the affected version.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203