CVE-2022-2795
Published: 21 September 2022
By flooding the target resolver with queries exploiting this flaw, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
Notes
Author | Note |
---|---|
alexmurray | As of isc-dhcp-4.4.3-1, isc-dhcp vendors bind9 libs |
mdeslaur | This is unlikely to affect isc-dhcp's use of bind9-libs and the vendored bind9 libs, marking as negligible |
Priority
Status
Package | Release | Status |
---|---|---|
isc-dhcp (Launchpad, Ubuntu, Debian) | kinetic | Ignored (end of life, was needed) |
isc-dhcp | lunar | Ignored (end of life, was needed) |
isc-dhcp | bionic | Not vulnerable (code not present) |
isc-dhcp | focal | Not vulnerable (code not present) |
isc-dhcp | jammy | Not vulnerable (code not present) |
isc-dhcp | trusty | Not vulnerable (code not present) |
isc-dhcp | upstream | Needs triage |
isc-dhcp | xenial | Not vulnerable (code not present) |
isc-dhcp | mantic | Needed |
bind9 (Launchpad, Ubuntu, Debian) | kinetic | Released (1:9.18.4-2ubuntu2) |
bind9 | lunar | Released (1:9.18.4-2ubuntu2) |
bind9 | upstream | Released (9.16.33,9.18.7,9.19.5) |
bind9 | xenial | Released (1:9.10.3.dfsg.P4-8ubuntu1.19+esm3). Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
bind9 | bionic | Released (1:9.11.3+dfsg-1ubuntu1.18) |
bind9 | focal | Released (1:9.16.1-0ubuntu2.11) |
bind9 | jammy | Released (1:9.18.1-1ubuntu1.2) |
bind9 | trusty | Released (1:9.9.5.dfsg-3ubuntu0.19+esm7). Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
bind9 | mantic | Released (1:9.18.4-2ubuntu2) |
bind9 | Patches | upstream: https://gitlab.isc.org/isc-projects/bind9/-/commit/e2014ba9e3b4236b0384ba17abfb2c9a155412f6 (v9_18_7); upstream: https://gitlab.isc.org/isc-projects/bind9/-/commit/bf2ea6d8525bfd96a84dad221ba9e004adb710a8 (v9_16_33) |
bind9-libs (Launchpad, Ubuntu, Debian) | trusty | Does not exist |
bind9-libs | xenial | Does not exist |
bind9-libs | bionic | Does not exist |
bind9-libs | focal | Needs triage |
bind9-libs | jammy | Needs triage |
bind9-libs | mantic | Does not exist |
bind9-libs | upstream | Needs triage |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | Low |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |