CVE-2022-2795

MEDIUM

DNS Resolver - DoS

Title source: llm

Description

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

References (9)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2022/09/21/3

[Patch, Vendor Advisory] https://kb.isc.org/docs/cve-2022-2795

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html

[Third Party Advisory] https://security.gentoo.org/glsa/202210-25

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5235

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20241129-0002/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/

Scores

CVSS v3 5.3

EPSS 0.0051

EPSS Percentile 65.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

Status published

Affected Products (33)

debian/debian_linux

isc/bind < 9.16.33

isc/bind

... and 18 more

Timeline

Published Sep 21, 2022

Tracked Since Feb 18, 2026