CVE-2022-1183
Destroying a TLS session early causes assertion failure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.
En configuraciones vulnerables, el demonio nombrado puede, en algunas circunstancias, terminar con un fallo de aserción. Las configuraciones vulnerables son aquellas que incluyen una referencia a http dentro de las declaraciones listen-on en su named.conf. Tanto DNS sobre TLS (DoT) como DNS sobre HTTPS (DoH) usan TLS, pero las configuraciones que sólo usan DoT no están afectadas. Afecta a BIND versiones 9.18.0 -) 9.18.2 y versión 9.19.0 de la rama de desarrollo de BIND 9.19
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-03-30 CVE Reserved
- 2022-05-19 CVE Published
- 2023-12-10 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20220707-0002 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kb.isc.org/docs/cve-2022-1183 | 2022-10-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | H410c Firmware Search vendor "Netapp" for product "H410c Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410c Search vendor "Netapp" for product "H410c" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H300s Firmware Search vendor "Netapp" for product "H300s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300s Search vendor "Netapp" for product "H300s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H500s Firmware Search vendor "Netapp" for product "H500s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500s Search vendor "Netapp" for product "H500s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H700s Firmware Search vendor "Netapp" for product "H700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700s Search vendor "Netapp" for product "H700s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H410s Firmware Search vendor "Netapp" for product "H410s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410s Search vendor "Netapp" for product "H410s" | - | - |
Safe
|
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.18.0 <= 9.18.2 Search vendor "Isc" for product "Bind" and version " >= 9.18.0 <= 9.18.2" | - |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.19.0 Search vendor "Isc" for product "Bind" and version "9.19.0" | - |
Affected
| ||||||