First published: Wed Sep 21 2022
By flooding the target resolver with queries exploiting this flaw, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
Credit: security-officer@isc.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/bind | <32:9.11.4-26.P2.el7_9.13 | 32:9.11.4-26.P2.el7_9.13 |
redhat/bind9.16 | <32:9.16.23-0.14.el8 | 32:9.16.23-0.14.el8 |
redhat/bind | <32:9.11.36-8.el8 | 32:9.11.36-8.el8 |
redhat/bind | <32:9.16.23-11.el9 | 32:9.16.23-11.el9 |
debian/bind9 | <=1:9.11.5.P4+dfsg-5.1+deb10u7 | 1:9.11.5.P4+dfsg-5.1+deb10u9 1:9.16.44-1~deb11u1 1:9.18.19-1~deb12u1 1:9.19.17-1 |
ISC BIND | >=9.0.0<9.16.33 | |
ISC BIND | >=9.18.0<9.18.7 | |
ISC BIND | >=9.19.0<9.19.5 | |
ISC BIND Supported Preview | =9.9.3-s1 | |
ISC BIND | =9.9.3-s1 | |
ISC BIND | =9.9.12-s1 | |
ISC BIND | =9.9.13-s1 | |
ISC BIND | =9.10.5-s1 | |
ISC BIND | =9.10.7-s1 | |
ISC BIND | =9.11.3-s1 | |
ISC BIND Supported Preview | =9.11.5-s3 | |
ISC BIND | =9.11.5-s3 | |
ISC BIND | =9.11.5-s5 | |
ISC BIND | =9.11.5-s6 | |
ISC BIND | =9.11.6-s1 | |
ISC BIND | =9.11.7-s1 | |
ISC BIND | =9.11.8-s1 | |
ISC BIND | =9.11.12-s1 | |
ISC BIND | =9.11.14-s1 | |
ISC BIND | =9.11.19-s1 | |
ISC BIND | =9.11.21-s1 | |
ISC BIND | =9.11.27-s1 | |
ISC BIND | =9.11.29-s1 | |
ISC BIND | =9.11.35-s1 | |
ISC BIND | =9.11.37-s1 | |
ISC BIND | =9.16.8-s1 | |
ISC BIND | =9.16.11-s1 | |
ISC BIND | =9.16.13-s1 | |
ISC BIND | =9.16.21-s1 | |
ISC BIND | =9.16.32-s1 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |
redhat/bind | <9.16.33 | 9.16.33 |
redhat/bind | <9.18.7 | 9.18.7 |
redhat/bind | <9.19.5 | 9.19.5 |
Upgrade to the patched release most closely related to your current version of BIND: BIND 9.16.33, BIND 9.18.7, BIND 9.19.5, or for BIND Supported Preview Edition (a special feature preview branch of BIND provided to eligible ISC support customers): BIND 9.16.33-S1.
The vulnerability ID for this flaw is CVE-2022-2795.
The severity of CVE-2022-2795 is medium with a severity value of 5.3.
The vulnerability CVE-2022-2795 allows an attacker to significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
The software versions affected by CVE-2022-2795 are the BIND releases before the patched versions 9.16.33, 9.18.7, and 9.19.5 (the ranges listed in the table above), and the corresponding packages in Red Hat and Debian distributions.
Yes, there are known remedies for CVE-2022-2795, which include upgrading to specific versions of BIND such as 9.16.44-1~deb11u1 or applying patches provided by Red Hat and Debian.