Vulnerability Details : CVE-2022-3924

This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.
Published 2023-01-26 21:16:03
Updated 2025-03-31 14:15:17
Source Internet Systems Consortium (ISC)
View at NVD,   CVE.org

Products affected by CVE-2022-3924

  • ISC » Bind »
    Versions from including (>=) 9.18.0 and before (<) 9.18.11
    cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
    Matching versions
  • ISC » Bind »
    Versions from including (>=) 9.19.0 and before (<) 9.19.9
    cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
    Matching versions
  • ISC » Bind »
    Versions from including (>=) 9.16.12 and before (<) 9.16.37
    cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
    Matching versions
  • ISC » Bind » Version: 9.16.13 Update S1 Supported Preview Edition
    cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*
    Matching versions
  • ISC » Bind » Version: 9.16.21 Update S1 Supported Preview Edition
    cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*
    Matching versions
  • ISC » Bind » Version: 9.16.32 Update S1 Supported Preview Edition
    cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*
    Matching versions
  • ISC » Bind » Version: 9.16.14 Update S1 Supported Preview Edition
    cpe:2.3:a:isc:bind:9.16.14:s1:*:*:supported_preview:*:*:*
    Matching versions
  • ISC » Bind » Version: 9.16.36 Update S1 Supported Preview Edition
    cpe:2.3:a:isc:bind:9.16.36:s1:*:*:supported_preview:*:*:*
    Matching versions
  • ISC » Bind » Version: 9.16.12 Update S1 Supported Preview Edition
    cpe:2.3:a:isc:bind:9.16.12:s1:*:*:supported_preview:*:*:*
    Matching versions

Threat overview for CVE-2022-3924

Top countries where our scanners detected CVE-2022-3924
Top open port discovered on systems with this issue 53
IPs affected by CVE-2022-3924 99,203
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2022-3924!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2022-3924

EPSS FAQ
0.59%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-3924

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.9
3.6
 NIST
7.5
 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.9
3.6
 Internet Systems Consortium (ISC)

CWE ids for CVE-2022-3924

  • The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
    Assigned by:
    • 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
    • nvd@nist.gov (Primary)

References for CVE-2022-3924

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close