CVE-2022-0396
MEDIUMBIND 9.16.11-9.16.26 and 9.17.0-9.18.0 - Denial of Service via CLOSE_WAIT Connection Exhaustion
Title source: llmDescription
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
References (5)
Core 5
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202210-25
Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
Mitigation, Vendor Advisory
https://kb.isc.org/v1/docs/cve-2022-0396
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220408-0001/
Scores
CVSS v3
5.3
EPSS
0.0011
EPSS Percentile
29.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-404
Status
published
Products (15)
fedoraproject/fedora
34
fedoraproject/fedora
35
fedoraproject/fedora
36
isc/bind
9.16.11 - 9.16.27 (2 CPE variants)
isc/bind
9.17.0 - 9.18.0
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
... and 5 more
Published
Mar 23, 2022
Tracked Since
Feb 18, 2026