CVE-2022-3736

HIGH

ISC Bind < 9.16.37 - Improper Input Validation

Title source: rule

Description

BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.

References (1)

[Vendor Advisory] https://kb.isc.org/docs/cve-2022-3736

Scores

CVSS v3 7.5

EPSS 0.0102

EPSS Percentile 76.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-20

Status published

Affected Products (7)

isc/bind < 9.16.37

isc/bind

Timeline

Published Jan 26, 2023

Tracked Since Feb 18, 2026