PT-2023-1302 · Isc+9 · Bind 9+9
Rob Schulhof · Published 2023-01-25 · Updated 2025-04-01 · CVE-2022-3094
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
BIND 9 versions 9.16.0 through 9.16.36
BIND 9 versions 9.18.0 through 9.18.10
BIND 9 versions 9.19.0 through 9.19.8
BIND 9 versions 9.16.8-S1 through 9.16.36-S1
Description
The issue is related to the allocation of large amounts of memory by named when sending a flood of dynamic DNS updates. This can cause named to exit due to a lack of free memory. The scope of this issue is limited to trusted clients who are permitted to make dynamic zone changes. Memory is allocated prior to the checking of access permissions and is retained during the processing of a dynamic update from a client whose access credentials are accepted. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore, it is only likely to be possible to degrade or stop named by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome.
Recommendations
For BIND 9 versions 9.16.0 through 9.16.36, update to a version that includes the fix for this issue.
For BIND 9 versions 9.18.0 through 9.18.10, update to a version that includes the fix for this issue.
For BIND 9 versions 9.19.0 through 9.19.8, update to a version that includes the fix for this issue.
For BIND 9 versions 9.16.8-S1 through 9.16.36-S1, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to dynamic updates to minimize the risk of exploitation.
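The description ties the risk to a flood of dynamic updates, including refused ones. The following added example (not part of the original advisory or ISC's code) scans named log lines for bursts of denied updates per client. The log line format, the threshold and the window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format (not taken from the advisory): BIND 9 logging with
# print-time enabled, denied updates reported as "update '<zone>/IN' denied".
DENIED_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+.*?: "
    r"update '(?P<zone>[^']+)' denied"
)

def find_update_floods(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {client_ip: peak number of denied updates in any sliding window}
    for clients whose peak reaches the (illustrative) threshold."""
    recent = defaultdict(deque)   # per-client timestamps still inside the window
    peaks = defaultdict(int)
    for line in lines:
        m = DENIED_RE.match(line)
        if not m:
            continue              # not a denied-update line
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop entries older than the window
            q.popleft()
        peaks[m["ip"]] = max(peaks[m["ip"]], len(q))
    return {ip: n for ip, n in peaks.items() if n >= threshold}

# Constructed sample log lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    f"25-Jan-2023 10:00:0{i}.120 update-security: error: client @0x7f00 "
    f"192.0.2.10#4000{i}: update 'example.com/IN' denied"
    for i in range(6)
] + [
    "25-Jan-2023 10:00:07.500 update-security: error: client @0x7f01 "
    "198.51.100.7#53001: update 'example.com/IN' denied",
    "25-Jan-2023 10:00:40.500 update-security: error: client @0x7f01 "
    "198.51.100.7#53002: update 'example.com/IN' denied",
    "25-Jan-2023 10:00:41.000 general: info: reloading configuration succeeded",
]

if __name__ == "__main__":
    for ip, peak in find_update_floods(SAMPLE_LOG).items():
        print(f"{ip}: {peak} denied updates within 10s")
```

Tune the threshold and window to the normal update rate of the zone's legitimate clients before alerting on the result.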
Fix
DoS
RCE
Resource Exhaustion
Use After Free
Related Identifiers
Affected Products
Alt Linux
Almalinux
Bind 9
Bind Server
Centos
Ibm Aix
Linuxmint
Red Hat
Suse
Ubuntu