5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.9 Medium
AI Score
Confidence
Low
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver’s performance, effectively denying legitimate clients access to the DNS resolution service.
[
{
"vendor": "ISC",
"product": "BIND9",
"versions": [
{
"version": "Open Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33",
"status": "affected"
},
{
"version": "Open Source Branch 9.18 9.18.0 through versions before 9.18.7",
"status": "affected"
},
{
"version": "Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions up to and including 9.11.37-S1",
"status": "affected"
},
{
"version": "Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1",
"status": "affected"
},
{
"version": "Development Branch 9.19 9.19.0 through versions before 9.19.5",
"status": "affected"
}
]
}
]
www.openwall.com/lists/oss-security/2022/09/21/3
kb.isc.org/docs/cve-2022-2795
lists.debian.org/debian-lts-announce/2022/10/msg00007.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
security.gentoo.org/glsa/202210-25
www.debian.org/security/2022/dsa-5235