CVE-2022-1183

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.

Published: May 19, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-1183
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-617

Affected Software
References

Software	From	Fixed in
isc / bind	9.19.0	9.19.0.x
isc / bind	9.18.0	9.18.2.x

https://kb.isc.org/docs/cve-2022-1183
https://security.netapp.com/advisory/ntap-20220707-0002/

Vulnerability Database

289,697

CVE-2022-1183