CVE-2022-3924
Summary
| Field | Value |
|---|---|
| CVE | CVE-2022-3924 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-26 21:16:00 UTC |
| Updated | 2023-11-07 03:51:00 UTC |
| Description | This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Isc | Bind | All | All | All | All |
| Application | Isc | Bind | 9.16.12 | s1 | All | All |
| Application | Isc | Bind | 9.16.13 | s1 | All | All |
| Application | Isc | Bind | 9.16.14 | s1 | All | All |
| Application | Isc | Bind | 9.16.21 | s1 | All | All |
| Application | Isc | Bind | 9.16.32 | s1 | All | All |
| Application | Isc | Bind | 9.16.36 | s1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2022-3924: named configured to answer from stale cache may termina | MISC | kb.isc.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 15133 ISC BIND Assertion Failure Vulnerability
- 160610 Oracle Enterprise Linux Security Update for bind (ELSA-2023-2261)
- 160671 Oracle Enterprise Linux Security Update for bind9.16 (ELSA-2023-2792)
- 181506 Debian Security Update for bind9 (DSA 5329-1)
- 182437 Debian Security Update for bind9 (CVE-2022-3924)
- 199135 Ubuntu Security Notification for Bind Vulnerabilities (USN-5827-1)
- 241422 Red Hat Update for bind (RHSA-2023:2261)
- 241500 Red Hat Update for bind9.16 (RHSA-2023:2792)
- 283653 Fedora Security Update for bind (FEDORA-2023-95d98f89a8)
- 283685 Fedora Security Update for bind (FEDORA-2023-a3d608daf4)
- 284281 Fedora Security Update for bind (FEDORA-2023-f1accd4b37)
- 330142 IBM AIX Denial of Service (DoS) ISC BIND Vulnerability (bind_advisory23)
- 355145 Amazon Linux Security Advisory for bind : ALAS2023-2023-161
- 502648 Alpine Linux Security Update for bind
- 502710 Alpine Linux Security Update for bind
- 672936 EulerOS Security Update for bind (EulerOS-SA-2023-1776)
- 672958 EulerOS Security Update for bind (EulerOS-SA-2023-1754)
- 753669 SUSE Enterprise Linux Security Update for bind (SUSE-SU-2023:0341-1)
- 905386 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (13221)
- 905392 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (13227)
- 905651 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (13221-1)
- 906568 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (13221-3)
- 907317 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (13227-1)
- 941004 AlmaLinux Security Update for bind (ALSA-2023:2261)
- 941073 AlmaLinux Security Update for bind9.16 (ALSA-2023:2792)