QwikSec

Security Database

CVE

CWE

Training

CVE-2022-2795

Published: Sep 21, 2022

Modified: Nov 29, 2024

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

Vendor	Product	Versions
ISC	BIND9	affected `Open Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33` affected `Open Source Branch 9.18 9.18.0 through versions before 9.18.7` affected `Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions up to and including 9.11.37-S1` affected `Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1` affected `Development Branch 9.19 9.19.0 through versions before 9.19.5`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://kb.isc.org/docs/cve-2022-2795

[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)

mailing-list

vendor-advisory

FEDORA-2022-ef038365de

vendor-advisory

FEDORA-2022-8268735e06

vendor-advisory

FEDORA-2022-b197d64471

vendor-advisory

[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update

mailing-list

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.