CVE-2022-3488
First published: Thu Jan 26 2023(Updated: )
Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.
Credit: security-officer@isc.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ISC BIND | =9.11.4-s1 | |
| ISC BIND | =9.11.37-s1 | |
| ISC BIND | =9.16.8-s1 | |
| ISC BIND | =9.16.36-s1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-3488?
CVE-2022-3488 is a vulnerability that affects BIND, a DNS software, which can cause the software to exit with an assertion failure under specific conditions.
What is the severity of CVE-2022-3488?
CVE-2022-3488 has a severity value of 7.5, which is considered high.
Which software is affected by CVE-2022-3488?
CVE-2022-3488 affects ISC BIND versions 9.11.4, 9.11.37, 9.16.8, and 9.16.36, specifically those with the 'supported_preview' designation.
How does CVE-2022-3488 affect BIND?
CVE-2022-3488 can cause BIND to exit with an assertion failure when processing repeated responses to the same query where both responses contain ECS pseudo-options, but where the first response is broken in some way.
Is there a fix for CVE-2022-3488?
Yes, ISC has released patches and workarounds to address the vulnerability. It is recommended to update to the latest version of BIND and apply the necessary fixes.
- collector/nvd-index
- vendor/isc
- canonical/isc bind
- version/isc bind/9.11.4-s1
- version/isc bind/9.11.37-s1
- version/isc bind/9.16.8-s1
- version/isc bind/9.16.36-s1