CVE-2022-2795

NameCVE-2022-2795
DescriptionBy flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3138-1, DSA-5235-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)bullseye1:9.16.50-1~deb11u2fixed
bullseye (security)1:9.16.50-1~deb11u1fixed
bookworm, bookworm (security)1:9.18.28-1~deb12u2fixed
trixie1:9.20.4-2fixed
sid1:9.20.4-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9sourcebuster1:9.11.5.P4+dfsg-5.1+deb10u8DLA-3138-1
bind9sourcebullseye1:9.16.33-1~deb11u1DSA-5235-1
bind9source(unstable)1:9.18.7-1

Notes

https://kb.isc.org/docs/cve-2022-2795
Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/e2014ba9e3b4236b0384ba17abfb2c9a155412f6 (v9_18_7)
Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/bf2ea6d8525bfd96a84dad221ba9e004adb710a8 (v9_16_33)

Search for package or bug name: Reporting problems