QwikSec

Security Database

CVE

CWE

Training

CVE-2022-3080

Published: Sep 21, 2022

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

By sending specific queries to the resolver, an attacker can cause named to crash.

Vendor	Product	Versions
ISC	BIND9	affected `Open Source Branch 9.16 9.16.14 through versions before 9.16.33` affected `Open Source Branch 9.18 9.18.0 through versions before 9.18.7` affected `Supported Preview Branch 9.16-S 9.16.14-S1 through versions before 9.16.33-S1` affected `Development Branch 9.19 9.19.0 through versions before 9.19.5`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://kb.isc.org/docs/cve-2022-3080

[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)

mailing-list

vendor-advisory

FEDORA-2022-ef038365de

vendor-advisory

FEDORA-2022-8268735e06

vendor-advisory

FEDORA-2022-b197d64471

vendor-advisory

vendor-advisory

https://security.netapp.com/advisory/ntap-20240621-0002/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.