CVE-2022-3488

CVSS V2 None CVSS V3 None
Description
Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.
Overview
  • CVE ID
  • CVE-2022-3488
  • Assigner
  • security-officer@isc.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-26T21:15:52
  • Last Modified Date
  • 2023-02-03T18:25:42
Weakness Enumerations
CWE URL
NVD-CWE-noinfo http://cwe.mitre.org/data/definitions/NVD-noinfo.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:isc:bind:9.11.4:s1:*:*:supported_preview:*:*:* 1 OR
cpe:2.3:a:isc:bind:9.11.37:s1:*:*:supported_preview:*:*:* 1 OR
cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:* 1 OR
cpe:2.3:a:isc:bind:9.16.36:s1:*:*:supported_preview:*:*:* 1 OR
References
Reference URL Reference Tags
https://kb.isc.org/docs/cve-2022-3488
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-3488
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3488
History
Created Old Value New Value Data Type Notes
2023-01-26 23:16:45 Added to TrackCVE
2023-01-27 15:14:46 2023-01-27T14:03:45 CVE Modified Date updated
2023-01-27 15:14:46 Received Awaiting Analysis Vulnerability Status updated
2023-02-03 13:14:35 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-02-03 19:15:59 2023-02-03T18:25:42 CVE Modified Date updated
2023-02-03 19:15:59 Undergoing Analysis Analyzed Vulnerability Status updated
2023-02-03 19:16:00 Weakness Enumeration new
2023-02-03 19:16:03 CPE Information updated