{"containers":{"cna":{"affected":[{"product":"BIND9","vendor":"ISC","versions":[{"status":"affected","version":"Open Source Branch 9.18 9.18.0 through versions before 9.18.3"},{"status":"affected","version":"Development Branch 9.19 9.19.0"}]}],"credits":[{"lang":"en","value":"ISC would like to thank Thomas Amgarten from arcade solutions ag for bringing this vulnerability to our attention."}],"datePublic":"2022-05-18T00:00:00.000Z","descriptions":[{"lang":"en","value":"On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch."}],"exploits":[{"lang":"en","value":"We are not aware of any active exploits."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"description":"In BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch, an assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early.","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-07-07T14:07:24.000Z","orgId":"404fd4d2-a609-4245-b543-2c944a302a22","shortName":"isc"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://kb.isc.org/docs/cve-2022-1183"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20220707-0002/"}],"solutions":[{"lang":"en","value":"Upgrade to the patched release most closely related to your current version of BIND: BIND 9.18.3 or BIND 9.19.1."}],"source":{"discovery":"EXTERNAL"},"title":"Destroying a TLS session early causes assertion failure","workarounds":[{"lang":"en","value":"No workarounds known."}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security-officer@isc.org","DATE_PUBLIC":"2022-05-18T13:36:59.000Z","ID":"CVE-2022-1183","STATE":"PUBLIC","TITLE":"Destroying a TLS session early causes assertion failure"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"BIND9","version":{"version_data":[{"version_name":"Open Source Branch 9.18","version_value":"9.18.0 through versions before 9.18.3"},{"version_name":"Development Branch 9.19","version_value":"9.19.0"}]}}]},"vendor_name":"ISC"}]}},"credit":[{"lang":"eng","value":"ISC would like to thank Thomas Amgarten from arcade solutions ag for bringing this vulnerability to our attention."}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch."}]},"exploit":[{"lang":"en","value":"We are not aware of any active exploits."}],"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"In BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch, an assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early."}]}]},"references":{"reference_data":[{"name":"https://kb.isc.org/docs/cve-2022-1183","refsource":"CONFIRM","url":"https://kb.isc.org/docs/cve-2022-1183"},{"name":"https://security.netapp.com/advisory/ntap-20220707-0002/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20220707-0002/"}]},"solution":[{"lang":"en","value":"Upgrade to the patched release most closely related to your current version of BIND: BIND 9.18.3 or BIND 9.19.1."}],"source":{"discovery":"EXTERNAL"},"work_around":[{"lang":"en","value":"No workarounds known."}]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:55:24.306Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://kb.isc.org/docs/cve-2022-1183"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20220707-0002/"}]}]},"cveMetadata":{"assignerOrgId":"404fd4d2-a609-4245-b543-2c944a302a22","assignerShortName":"isc","cveId":"CVE-2022-1183","datePublished":"2022-05-19T09:55:09.565Z","dateReserved":"2022-03-30T00:00:00.000Z","dateUpdated":"2024-09-17T04:00:26.575Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}