CVE-2022-3736
Summary
| CVE | CVE-2022-3736 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-26 21:15:00 UTC |
| Updated | 2023-11-07 03:51:00 UTC |
| Description | BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | ISC | BIND | All | All | All | All |
| Application | ISC | BIND | 9.16.11 | s1 | All | All |
| Application | ISC | BIND | 9.16.13 | s1 | All | All |
| Application | ISC | BIND | 9.16.14 | s1 | All | All |
| Application | ISC | BIND | 9.16.21 | s1 | All | All |
| Application | ISC | BIND | 9.16.32 | s1 | All | All |
| Application | ISC | BIND | 9.16.36 | s1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2022-3736: named configured to answer from stale cache may termina | MISC | kb.isc.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 15133 ISC BIND Assertion Failure Vulnerability
- 160610 Oracle Enterprise Linux Security Update for bind (ELSA-2023-2261)
- 160671 Oracle Enterprise Linux Security Update for bind9.16 (ELSA-2023-2792)
- 181506 Debian Security Update for bind9 (DSA 5329-1)
- 183980 Debian Security Update for bind9 (CVE-2022-3736)
- 199135 Ubuntu Security Notification for Bind Vulnerabilities (USN-5827-1)
- 241422 Red Hat Update for bind (RHSA-2023:2261)
- 241500 Red Hat Update for bind9.16 (RHSA-2023:2792)
- 283653 Fedora Security Update for bind (FEDORA-2023-95d98f89a8)
- 283685 Fedora Security Update for bind (FEDORA-2023-a3d608daf4)
- 284281 Fedora Security Update for bind (FEDORA-2023-f1accd4b37)
- 330142 IBM AIX Denial of Service (DoS) ISC BIND Vulnerability (bind_advisory23)
- 355145 Amazon Linux Security Advisory for bind : ALAS2023-2023-161
- 502648 Alpine Linux Security Update for bind
- 502710 Alpine Linux Security Update for bind
- 672936 EulerOS Security Update for bind (EulerOS-SA-2023-1776)
- 672958 EulerOS Security Update for bind (EulerOS-SA-2023-1754)
- 753669 SUSE Enterprise Linux Security Update for bind (SUSE-SU-2023:0341-1)
- 905377 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (13197)
- 905380 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (13203)
- 905652 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (13197-1)
- 906579 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (13197-3)
- 907300 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (13203-1)
- 941004 AlmaLinux Security Update for bind (ALSA-2023:2261)
- 941073 AlmaLinux Security Update for bind9.16 (ALSA-2023:2792)