In BIND 9.18.0 the recursive client code was refactored. This refactoring introduced a "backstop lifetime timer." While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate. Only the BIND 9.18 branch is affected.
BIND 9.18.0 were not yet released even on Fedora Rawhide, because bind-dyndb-ldap part of freeipa would be broken by that. It should be part of Fedora 37 starting with 9.18.1, where this issue would be fixed. Bug #2057493 is used as readiness tracker.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0667