CVE-2022-2795
Published: 21 September 2022
By flooding the target resolver with queries exploiting this flaw, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
Notes
Author | Note |
---|---|
alexmurray | As of isc-dhcp-4.4.3-1, isc-dhcp vendors bind9 libs |
mdeslaur | This is unlikely to affect isc-dhcp's use of bind9-libs and the vendored bind9 libs, marking as negligible |
Priority
Status
Package | Release | Status |
---|---|---|
bind9 | bionic | Released (1:9.11.3+dfsg-1ubuntu1.18) |
bind9 | focal | Released (1:9.16.1-0ubuntu2.11) |
bind9 | jammy | Released (1:9.18.1-1ubuntu1.2) |
bind9 | kinetic | Released (1:9.18.4-2ubuntu2) |
bind9 | lunar | Released (1:9.18.4-2ubuntu2) |
bind9 | mantic | Released (1:9.18.4-2ubuntu2) |
bind9 | trusty | Released (1:9.9.5.dfsg-3ubuntu0.19+esm7), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
bind9 | upstream | Released (9.16.33,9.18.7,9.19.5) |
bind9 | xenial | Released (1:9.10.3.dfsg.P4-8ubuntu1.19+esm3), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
bind9-libs | bionic | Does not exist |
bind9-libs | focal | Needs triage |
bind9-libs | jammy | Needs triage |
bind9-libs | mantic | Does not exist |
bind9-libs | trusty | Does not exist |
bind9-libs | upstream | Needs triage |
bind9-libs | xenial | Does not exist |
isc-dhcp | bionic | Not vulnerable (code not present) |
isc-dhcp | focal | Not vulnerable (code not present) |
isc-dhcp | jammy | Not vulnerable (code not present) |
isc-dhcp | kinetic | Ignored (end of life, was needed) |
isc-dhcp | lunar | Ignored (end of life, was needed) |
isc-dhcp | mantic | Needed |
isc-dhcp | trusty | Not vulnerable (code not present) |
isc-dhcp | upstream | Needs triage |
isc-dhcp | xenial | Not vulnerable (code not present) |

Patches (bind9):
upstream: https://gitlab.isc.org/isc-projects/bind9/-/commit/e2014ba9e3b4236b0384ba17abfb2c9a155412f6
upstream: https://gitlab.isc.org/isc-projects/bind9/-/commit/bf2ea6d8525bfd96a84dad221ba9e004adb710a8

Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | Low |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |