Launchpad.net

CVE 2022-3924

This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.

Related bugs and status

CVE-2022-3924 (Candidate) is related to these bugs:

Bug #1258003: DiG crashes on +nssearch with +tcp in bind9 9.18

		In	Importance	Status
1258003	DiG crashes on +nssearch with +tcp in bind9 9.18	bind9 (Ubuntu)	High	Fix Released
1258003	DiG crashes on +nssearch with +tcp in bind9 9.18	bind9 (Ubuntu Jammy)	High	Fix Released
1258003	DiG crashes on +nssearch with +tcp in bind9 9.18	bind9 (Ubuntu Kinetic)	Undecided	Fix Released

Bug #1970252: The `dig` and `host` commands core dump or give incomplete results in Ubuntu 22.04

		In	Importance	Status
1970252	The `dig` and `host` commands core dump or give incomplete results in Ubuntu 22.04	bind9 (Ubuntu)	High	Fix Released
1970252	The `dig` and `host` commands core dump or give incomplete results in Ubuntu 22.04	bind9 (Ubuntu Jammy)	High	Fix Released
1970252	The `dig` and `host` commands core dump or give incomplete results in Ubuntu 22.04	bind9 (Ubuntu Kinetic)	High	Fix Released

Bug #2003584: Add better DEP-8 tests

		In	Importance	Status
2003584	Add better DEP-8 tests	bind9 (Ubuntu)	Undecided	Fix Released
2003584	Add better DEP-8 tests	bind9 (Ubuntu Kinetic)	Undecided	Fix Released
2003584	Add better DEP-8 tests	bind9 (Ubuntu Focal)	Undecided	New
2003584	Add better DEP-8 tests	bind9 (Ubuntu Jammy)	Undecided	Fix Released

Bug #2003586: MRE Updates 9.18.12 / 9.16.39

		In	Importance	Status
2003586	MRE Updates 9.18.12 / 9.16.39	bind9 (Ubuntu)	Undecided	Fix Released
2003586	MRE Updates 9.18.12 / 9.16.39	bind9 (Ubuntu Kinetic)	Undecided	Fix Released
2003586	MRE Updates 9.18.12 / 9.16.39	bind9 (Ubuntu Focal)	Undecided	Fix Released
2003586	MRE Updates 9.18.12 / 9.16.39	bind9 (Ubuntu Jammy)	Undecided	Fix Released
2003586	MRE Updates 9.18.12 / 9.16.39	bind-dyndb-ldap (Ubuntu)	Undecided	Fix Released
2003586	MRE Updates 9.18.12 / 9.16.39	bind-dyndb-ldap (Ubuntu Jammy)	Undecided	Fix Released
2003586	MRE Updates 9.18.12 / 9.16.39	bind-dyndb-ldap (Ubuntu Kinetic)	Undecided	Fix Released

Bug #2006410: [Debian] CVE: CVE-2022-3094 / CVE-2022-3736 / CVE-2022-3924: bind: multiple CVEs

Summary				In	Importance	Status
	2006410	[Debian] CVE: CVE-2022-3094 / CVE-2022-3736 / CVE-2022-3924: bind: multiple CVEs		StarlingX	High	Fix Released

Bug #2006972: bind9 can't load preinstalled plugins

		In	Importance	Status
2006972	bind9 can't load preinstalled plugins	bind9 (Ubuntu)	Undecided	Fix Released
2006972	bind9 can't load preinstalled plugins	bind9 (Ubuntu Jammy)	Undecided	Fix Released
2006972	bind9 can't load preinstalled plugins	bind9 (Ubuntu Lunar)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://kb.isc.org/doc...