On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.
References
Link | Resource |
---|---|
https://kb.isc.org/docs/cve-2022-1183 | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20220707-0002/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Information
Published : 2022-05-19 03:15
Updated : 2022-10-07 08:26
NVD link : CVE-2022-1183
Mitre link : CVE-2022-1183
JSON object : View
CWE
CWE-617
Reachable Assertion
Products Affected
netapp
- h410c_firmware
- h300s
- h500s
- h500s_firmware
- h410c
- h700s
- h410s_firmware
- h410s
- h700s_firmware
- h300s_firmware
isc
- bind