CVE-2022-0667 - log

CVE-2022-0667 edited at 05 Apr 2022 23:15:06
Description
- In BIND 9.18.0 the recursive client code was refactored. This refactoring introduced a "backstop lifetime timer". While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate.
+ In BIND 9.18.0 the recursive client code was refactored that introduced a "backstop lifetime timer". While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate.
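Review bot: The first sentence of the added description, "the recursive client code was refactored that introduced a "backstop lifetime timer"", is ungrammatical because it merges the two sentences of the removed text. Either keep the removed two-sentence wording or write "was refactored, which introduced a "backstop lifetime timer"". The remainder of the description is identical in both versions.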
CVE-2022-0667 edited at 05 Apr 2022 23:13:08
Severity
- Medium
+ High
CVE-2022-0667 edited at 05 Apr 2022 23:12:04
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ In BIND 9.18.0 the recursive client code was refactored. This refactoring introduced a "backstop lifetime timer". While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate.
References
+ https://kb.isc.org/docs/cve-2022-0667
+ https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5989
+ https://gitlab.isc.org/isc-projects/bind9/-/commit/7ba3a069355875409fadd0da094293cd08d7ccb6
CVE-2022-0667 created at 05 Apr 2022 23:09:27
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes