high
7.5
CWE
400
Advisory Published
CVE Published
Updated

CVE-2022-3204: NRDelegation Attack

First published: Thu Sep 22 2022(Updated: )

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.

Credit: sep@nlnetlabs.nl

Affected SoftwareAffected VersionHow to fix
Nlnetlabs Unbound<=1.16.2
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Fedoraproject Fedora=37
redhat/unbound<1.16.3
1.16.3

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2022-3204?

    CVE-2022-3204 is a vulnerability named Non-Responsive Delegation Attack (NRDelegation Attack) that affects various DNS resolving software.

  • How does Non-Responsive Delegation Attack work?

    Non-Responsive Delegation Attack works by having a malicious delegation with a considerable number of non-responsive nameservers.

  • Which software is affected by CVE-2022-3204?

    Nlnetlabs Unbound, Fedoraproject Fedora versions 35, 36, and 37 are affected by CVE-2022-3204.

  • What is the severity of CVE-2022-3204?

    The severity of CVE-2022-3204 is high with a CVSS score of 7.5.

  • How can I fix CVE-2022-3204?

    To fix CVE-2022-3204, users should update to the latest version of the affected software.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203