CVE-2022-1183 : Security Advisory and Response

A detailed overview of CVE-2022-1183, a vulnerability in BIND affecting versions 9.18.0 through 9.18.2 and version 9.19.0, discovered by Thomas Amgarten from arcade solutions ag.

Understanding CVE-2022-1183

This section delves into the description, impact, technical details, and mitigation strategies related to CVE-2022-1183.

What is CVE-2022-1183?

CVE-2022-1183 is a vulnerability in BIND that can cause the named daemon to terminate with an assertion failure on configurations with certain HTTP references in the 'listen-on' statements in named.conf. It affects versions 9.18.0 through 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.

The Impact of CVE-2022-1183

The vulnerability has a CVSS base score of 7.5, indicating a high severity issue with the potential for a denial of service attack. Active exploits are not reported.

Technical Details of CVE-2022-1183

This section outlines the vulnerability description, affected systems, and exploitation mechanisms.

Vulnerability Description

The vulnerability is triggered when a TLS connection to an HTTP TLS listener with a defined endpoint is destroyed prematurely.

Affected Systems and Versions

BIND versions 9.18.0 through 9.18.2 and version 9.19.0 of the BIND 9.19 development branch are impacted.

Exploitation Mechanism

The attack complexity is low, with a network-based attack vector and high availability impact.

Mitigation and Prevention

Learn how to secure your systems against CVE-2022-1183 and prevent potential exploitation.

Immediate Steps to Take

Upgrade to the patched releases closest to your current version: BIND 9.18.3 or BIND 9.19.1.

Long-Term Security Practices

Regularly update BIND to the latest versions and follow security best practices to ensure a secure DNS environment.

Patching and Updates

Stay informed about security updates and apply patches promptly to mitigate the risk of exploitation.