Unrated severityNVD Advisory· Published May 19, 2022· Updated Sep 17, 2024

Destroying a TLS session early causes assertion failure

CVE-2022-1183

Description

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.

Affected products

osv-coords
pkg:rpm/opensuse/bind&distro=openSUSE%20Tumbleweed
Range: < 9.18.3-1.1
ISC/BIND9v5
Range: Open Source Branch 9.18 9.18.0 through versions before 9.18.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.isc.org/docs/cve-2022-1183mitrex_refsource_CONFIRM
security.netapp.com/advisory/ntap-20220707-0002/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000