CVE-2022-2795
Published: 21 September 2022
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
Notes
| Author | Note |
|---|---|
| alexmurray | As of isc-dhcp-4.4.3-1, isc-dhcp vendors bind9 libs |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
bind9 Launchpad, Ubuntu, Debian |
bionic |
Released
(1:9.11.3+dfsg-1ubuntu1.18)
|
| focal |
Released
(1:9.16.1-0ubuntu2.11)
|
|
| jammy |
Released
(1:9.18.1-1ubuntu1.2)
|
|
| kinetic |
Released
(1:9.18.4-2ubuntu2)
|
|
| lunar |
Released
(1:9.18.4-2ubuntu2)
|
|
| trusty |
Released
(1:9.9.5.dfsg-3ubuntu0.19+esm7)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(1:9.10.3.dfsg.P4-8ubuntu1.19+esm3)
|
|
|
isc-dhcp Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Not vulnerable
(code not present)
|
|
| jammy |
Not vulnerable
(code not present)
|
|
| kinetic |
Needed
|
|
| lunar |
Needed
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |