CVE-2022-1183

Description

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

ISC / BIND9Open Source Branch 9.18 9.18.0 through versions before 9.18.3 – Open Source Branch 9.18 9.18.0 through versions before 9.18.3
ISC / BIND9Development Branch 9.19 9.19.0 – Development Branch 9.19 9.19.0

References

MISChttps://kb.isc.org/docs/cve-2022-1183
MISChttps://security.netapp.com/advisory/ntap-20220707-0002/