CVE-2022-0667 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Denial of service
Description	In BIND 9.18.0 the recursive client code was refactored that introduced a "backstop lifetime timer". While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2661	bind	9.18.0-1	9.18.1-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
04 Apr 2022	ASA-202204-5	AVG-2661	bind	High	multiple issues

References
https://kb.isc.org/docs/cve-2022-0667 https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5989 https://gitlab.isc.org/isc-projects/bind9/-/commit/7ba3a069355875409fadd0da094293cd08d7ccb6