Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

Published

2022-09-21T11:15:09.470

Last Modified

2024-11-29T12:15:04.500

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	isc	bind	< 9.16.33	Yes
Application	isc	bind	< 9.18.7	Yes
Application	isc	bind	< 9.19.5	Yes
Application	isc	bind	9.9.3	Yes
Application	isc	bind	9.9.3	Yes
Application	isc	bind	9.9.12	Yes
Application	isc	bind	9.9.13	Yes
Application	isc	bind	9.10.5	Yes
Application	isc	bind	9.10.7	Yes
Application	isc	bind	9.11.3	Yes
Application	isc	bind	9.11.5	Yes
Application	isc	bind	9.11.5	Yes
Application	isc	bind	9.11.5	Yes
Application	isc	bind	9.11.5	Yes
Application	isc	bind	9.11.6	Yes
Application	isc	bind	9.11.7	Yes
Application	isc	bind	9.11.8	Yes
Application	isc	bind	9.11.12	Yes
Application	isc	bind	9.11.14-s1	Yes
Application	isc	bind	9.11.19-s1	Yes
Application	isc	bind	9.11.21	Yes
Application	isc	bind	9.11.27	Yes
Application	isc	bind	9.11.29	Yes
Application	isc	bind	9.11.35	Yes
Application	isc	bind	9.11.37	Yes
Application	isc	bind	9.16.8	Yes
Application	isc	bind	9.16.11	Yes
Application	isc	bind	9.16.13	Yes
Application	isc	bind	9.16.21	Yes
Application	isc	bind	9.16.32	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	debian	debian_linux	11.0	Yes
Operating System	fedoraproject	fedora	35	Yes
Operating System	fedoraproject	fedora	36	Yes
Operating System	fedoraproject	fedora	37	Yes

References

http://www.openwall.com/lists/oss-security/2022/09/21/3 Mailing List, Patch, Third Party Advisory ([email protected])
https://kb.isc.org/docs/cve-2022-2795 Patch, Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/ ([email protected])
https://security.gentoo.org/glsa/202210-25 Third Party Advisory ([email protected])
https://www.debian.org/security/2022/dsa-5235 Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/09/21/3 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.isc.org/docs/cve-2022-2795 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202210-25 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20241129-0002/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5235 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)