Unrated severityNVD Advisory· Published Jan 25, 2023· Updated Apr 1, 2025
named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries
CVE-2022-3736
Description
BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.
Affected products
39- osv-coords38 versionspkg:apk/chainguard/bindpkg:apk/chainguard/bind-devpkg:apk/chainguard/bind-dnssec-rootpkg:apk/chainguard/bind-dnssec-toolspkg:apk/chainguard/bind-docpkg:apk/chainguard/bind-libspkg:apk/chainguard/bind-pluginspkg:apk/chainguard/bind-toolspkg:apk/wolfi/bindpkg:apk/wolfi/bind-devpkg:apk/wolfi/bind-dnssec-rootpkg:apk/wolfi/bind-dnssec-toolspkg:apk/wolfi/bind-docpkg:apk/wolfi/bind-libspkg:apk/wolfi/bind-pluginspkg:apk/wolfi/bind-toolspkg:rpm/almalinux/bindpkg:rpm/almalinux/bind9.16pkg:rpm/almalinux/bind9.16-chrootpkg:rpm/almalinux/bind9.16-develpkg:rpm/almalinux/bind9.16-dnssec-utilspkg:rpm/almalinux/bind9.16-docpkg:rpm/almalinux/bind9.16-libspkg:rpm/almalinux/bind9.16-licensepkg:rpm/almalinux/bind9.16-utilspkg:rpm/almalinux/bind-chrootpkg:rpm/almalinux/bind-develpkg:rpm/almalinux/bind-dnssec-docpkg:rpm/almalinux/bind-dnssec-utilspkg:rpm/almalinux/bind-docpkg:rpm/almalinux/bind-libspkg:rpm/almalinux/bind-licensepkg:rpm/almalinux/bind-utilspkg:rpm/almalinux/python3-bindpkg:rpm/almalinux/python3-bind9.16pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4
< 9.18.11-r0+ 37 more
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 9.18.11-r0
- (no CPE)range: < 32:9.16.23-11.el9
- (no CPE)range: < 32:9.16.23-0.14.el8
- (no CPE)range: < 32:9.16.23-0.14.el8
- (no CPE)range: < 32:9.16.23-0.14.el8
- (no CPE)range: < 32:9.16.23-0.14.el8
- (no CPE)range: < 32:9.16.23-0.14.el8
- (no CPE)range: < 32:9.16.23-0.14.el8
- (no CPE)range: < 32:9.16.23-0.14.el8
- (no CPE)range: < 32:9.16.23-0.14.el8
- (no CPE)range: < 32:9.16.23-11.el9
- (no CPE)range: < 32:9.16.23-11.el9
- (no CPE)range: < 32:9.16.23-11.el9
- (no CPE)range: < 32:9.16.23-11.el9
- (no CPE)range: < 32:9.16.23-11.el9
- (no CPE)range: < 32:9.16.23-11.el9
- (no CPE)range: < 32:9.16.23-11.el9
- (no CPE)range: < 32:9.16.23-11.el9
- (no CPE)range: < 32:9.16.23-11.el9
- (no CPE)range: < 32:9.16.23-0.14.el8
- (no CPE)range: < 9.16.37-150400.5.17.1
- (no CPE)range: < 9.16.37-150400.5.17.1
- (no CPE)range: < 9.16.37-150400.5.17.1
- ISC/BIND 9v5Range: 9.16.12
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- kb.isc.org/docs/cve-2022-3736mitrevendor-advisory
News mentions
0No linked articles in our index yet.