Vulnerability Details CVE-2022-1183
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
References
Products affected by CVE-2022-1183
-
cpe:2.3:a:isc:bind:9.18.0
-
cpe:2.3:a:isc:bind:9.18.1
-
cpe:2.3:a:isc:bind:9.18.2
-
cpe:2.3:a:isc:bind:9.19.0
-
cpe:2.3:h:netapp:h300s:-
-
cpe:2.3:h:netapp:h410c:-
-
cpe:2.3:h:netapp:h410s:-
-
cpe:2.3:h:netapp:h500s:-
-
cpe:2.3:h:netapp:h700s:-
-
cpe:2.3:o:netapp:h300s_firmware:-
-
cpe:2.3:o:netapp:h410c_firmware:-
-
cpe:2.3:o:netapp:h410s_firmware:-
-
cpe:2.3:o:netapp:h500s_firmware:-
-
cpe:2.3:o:netapp:h700s_firmware:-