
ISC Releases Security Advisories for Multiple Versions of BIND 9

Update for the Berkeley Internet Name Domain system




Threat details

Introduction

The Internet Systems Consortium (ISC) has released security updates that address four High and two Medium vulnerabilities in multiple versions of ISC Berkeley Internet Name Domain (BIND). An attacker could exploit these vulnerabilities to cause a denial-of-service condition.


Remediation advice

Affected organisations are encouraged to review the ISC security advisories and apply the necessary updates or workarounds.


Remediation steps

Type: Patch
Step: CVE-2022-38178: Memory leaks in EdDSA DNSSEC verification code
https://kb.isc.org/v1/docs/cve-2022-38178

Type: Patch
Step: CVE-2022-38177: Memory leak in ECDSA DNSSEC verification code
https://kb.isc.org/v1/docs/cve-2022-38177

Type: Patch
Step: CVE-2022-3080: BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly
https://kb.isc.org/v1/docs/cve-2022-3080

Type: Patch
Step: CVE-2022-2906: Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only)
https://kb.isc.org/v1/docs/cve-2022-2906

Type: Patch
Step: CVE-2022-2795: Processing large delegations may severely degrade resolver performance
https://kb.isc.org/v1/docs/cve-2022-2795

Type: Patch
Step: CVE-2022-2881: Buffer overread in statistics channel code
https://kb.isc.org/v1/docs/cve-2022-2881

Last edited: 23 September 2022 12:18 pm