PT-2022-6741 · Nlnet+8 · Unbound+8

Anat Bremler-Barr +2 · Published 2022-09-21 · Updated 2025-05-05 · CVE-2022-3204

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Unbound versions prior to 1.16.3

Description

The issue is related to a Non-Responsive Delegation Attack (NRDelegation Attack) that affects various DNS resolving software, including Unbound. This attack involves a malicious delegation with a considerable number of non-responsive nameservers, causing the resolver to spend significant time and resources resolving records under the malicious delegation point. Although Unbound does not suffer from high CPU usage, it still requires resources to resolve the malicious delegation, which can lead to degraded performance and potentially a denial of service in orchestrated attacks.

Recommendations

For Unbound versions prior to 1.16.3, update to version 1.16.3 or later, which introduces fixes for better performance when under load by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching, and limiting the number of times a delegation point can issue a cache lookup for missing records.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2023:2370
ALSA-2023:2771
ALT-PU-2022-2656
ALT-PU-2022-2684
ALT-PU-2022-2700
ALT-PU-2023-7205
AZL-11033
BDU:2023-03846
CESA-2023_2771
CVE-2022-3204
DLA-3371-1
MGASA-2022-0361
OESA-2022-1972
OPENSUSE-SU-2024:12368-1
RHSA-2023:2370
RHSA-2023:2771
RHSA-2023_2370
RHSA-2023_2771
RHSA-2024:2045
SUSE-SU-2024:1923-1
SUSE-SU-2024:1991-1
SUSE-SU-2024:1991-2
USN-5732-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
SUSE
Ubuntu
Unbound