BIND 9 DNS Resolver DoS via Query Flooding
CVE-2022-2795 Published on September 21, 2022
Processing large delegations may severely degrade resolver performance
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
Vulnerability Analysis
CVE-2022-2795 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Products Associated with CVE-2022-2795
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-2795 are published in these products:
Affected Versions
ISC BIND9:- Version Open Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33 is affected.
- Version Open Source Branch 9.18 9.18.0 through versions before 9.18.7 is affected.
- Version Supported Preview Branches 9.9-S through 9.11-S 9.9.3-S1 through versions up to and including 9.11.37-S1 is affected.
- Version Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1 is affected.
- Version Development Branch 9.19 9.19.0 through versions before 9.19.5 is affected.
- Version 9.0.0, <= 9.16.32 is affected.
- Version 9.9.3 and below 9.11.37 is affected.
- Version 9.16.8 and below 9.16.32 is affected.
- Version 9.19.0 and below 9.19.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.