PT-2022-4535 · Isc+3 · Bind+3

Published 2022-05-18 · Updated 2024-06-15 · CVE-2022-1183

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

BIND versions 9.18.0 through 9.18.2
BIND version 9.19.0

Description

The issue is related to the use of the assert() function or similar operators in the named daemon of the DNS server BIND. Exploitation of this issue may allow a remote attacker to cause a denial of service. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. The issue affects configurations using DNS over HTTPS (DoH), but not those using DNS over TLS (DoT) alone.

Recommendations

For BIND versions 9.18.0 through 9.18.2, update to version 9.18.3 or later.
For BIND version 9.19.0, update to version 9.19.1 or later.
As a temporary workaround, consider disabling the http reference in the listen-on statements in named.conf to minimize the risk of exploitation.
Restrict access to the vulnerable named daemon to minimize the risk of exploitation.
Avoid using the http protocol in the listen-on statements until the issue is resolved.
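
A check for the vulnerable configuration described above, as an added example that is not part of the original advisory or of BIND itself: it reports listen-on and listen-on-v6 statements that carry an http parameter and tests a version string against the affected releases. The sample named.conf, the version strings and all function names are constructed for illustration.

```python
import re

# Affected upstream releases, taken from the advisory text above.
AFFECTED = {(9, 18, 0), (9, 18, 1), (9, 18, 2), (9, 19, 0)}

# "listen-on" or "listen-on-v6", its parameters, then the opening brace.
LISTEN_RE = re.compile(r"\b(listen-on(?:-v6)?)\b([^{};]*)\{")

def strip_comments(conf):
    """Drop /* */, // and # comments. Simplification: quoted strings that
    contain comment markers are not special-cased."""
    conf = re.sub(r"/\*.*?\*/", " ", conf, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", " ", conf)

def doh_listeners(conf):
    """Return (statement, http config name) for each listener using http."""
    hits = []
    for m in LISTEN_RE.finditer(strip_comments(conf)):
        params = m.group(2).split()
        if "http" in params:
            i = params.index("http")
            name = params[i + 1].strip('"') if i + 1 < len(params) else ""
            hits.append((m.group(1), name))
    return hits

def is_affected(version):
    """Match the upstream number only. Distribution packages can carry a
    backported fix under an unchanged number; confirm with the vendor."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    return bool(m) and tuple(map(int, m.groups())) in AFFECTED

def exposed(version, conf):
    """True when an affected release has at least one DoH listener."""
    return is_affected(version) and bool(doh_listeners(conf))

# Constructed sample configuration (not taken from a real server).
SAMPLE_CONF = """
tls local-tls { cert-file "/etc/bind/cert.pem"; key-file "/etc/bind/key.pem"; };
http local-http { endpoints { "/dns-query"; }; };
options {
    listen-on port 53 { any; };                 // plain DNS
    listen-on port 853 tls local-tls { any; };  // DoT only, not affected
    listen-on-v6 port 443 tls local-tls http local-http { any; };  # DoH
    /* listen-on port 8080 tls none http default { any; }; */
};
"""

if __name__ == "__main__":
    print(doh_listeners(SAMPLE_CONF), exposed("BIND 9.18.1", SAMPLE_CONF))
```

The top-level http block and the commented-out listener are deliberately not reported: only a live listen-on or listen-on-v6 statement with an http parameter matches the condition the description names.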

Fix

Assertion Failure

Weakness Enumeration

Related Identifiers

BDU:2022-05404
CVE-2022-1183
OPENSUSE-SU-2024:12129-1
USN-5429-1

Affected Products

Bind
Bind Server
Linuxmint
Ubuntu