CVE-2022-0396

Summary

CVE	CVE-2022-0396
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-03-23 11:15:00 UTC
Updated	2024-01-21 02:05:00 UTC
Description	BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

Risk And Classification

Problem Types: CWE-404

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Application	Isc	Bind	All	All	All	All
Application	Isc	Bind	All	All	All	All
Application	Isc	Bind	All	All	All	All
Hardware	Netapp	Baseboard Management Controller H300e	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H300e Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H300s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H300s Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H410c	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H410c Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H410s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H410s Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H500e	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H500e Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H500s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H500s Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H700e	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H700e Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H700s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H700s Firmware	-	All	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410c	-	All	All	All
Operating System	Netapp	H410c Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Application	Siemens	Sinec Ins	All	All	All	All
Application	Siemens	Sinec Ins	1.0	-	All	All
Application	Siemens	Sinec Ins	1.0	sp1	All	All

References

Reference	Source	Link	Tags
CVE-2022-0396: DoS from specifically crafted TCP packets - Security Advisories	CONFIRM	kb.isc.org
ISC BIND: Multiple Vulnerabilities (GLSA 202210-25) — Gentoo security	GENTOO	security.gentoo.org
cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf	CONFIRM	cert-portal.siemens.com
[SECURITY] Fedora 36 Update: bind-dyndb-ldap-11.9-14.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: bind-dyndb-ldap-11.9-14.fc36 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
March 2022 ISC BIND Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

15130 ISC BIND Denial of Service (DoS) Vulnerability
160219 Oracle Enterprise Linux Security Update for bind9.16 (ELSA-2022-7643)
160313 Oracle Enterprise Linux Security Update for bind (ELSA-2022-8068)
179144 Debian Security Update for bind9 (DSA 5105-1)
179155 Debian Security Update for bind9 (CVE-2022-0396)
198706 Ubuntu Security Notification for Bind Vulnerabilities (USN-5332-1)
240828 Red Hat Update for bind9.16 (RHSA-2022:7643)
240888 Red Hat Update for bind (RHSA-2022:8068)
282499 Fedora Security Update for bind (FEDORA-2022-427cfc50f8)
282526 Fedora Security Update for bind (FEDORA-2022-042d9c6146)
354384 Amazon Linux Security Advisory for bind : ALAS2022-2022-166
354410 Amazon Linux Security Advisory for bind : ALAS2022-2022-138
355147 Amazon Linux Security Advisory for bind : ALAS2023-2023-010
500062 Alpine Linux Security Update for bind
501383 Alpine Linux Security Update for bind
503872 Alpine Linux Security Update for bind
710661 Gentoo Linux ISC BIND Multiple Vulnerabilities (GLSA 202210-25)
752457 SUSE Enterprise Linux Security Update for bind (SUSE-SU-2022:2713-1)
900776 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (9109)
901028 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (9119)
902324 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (9119-1)
940749 AlmaLinux Security Update for bind9.16 (ALSA-2022:7643)
940822 AlmaLinux Security Update for bind (ALSA-2022:8068)
960456 Rocky Linux Security Update for bind9.16 (RLSA-2022:7643)
960628 Rocky Linux Security Update for bind (RLSA-2022:8068)