Bug 2064514 (CVE-2022-0635) - CVE-2022-0635 bind: Lookups involving a DNAME could trigger an assertion failure when 'synth-from-dnssec' was enabled (which is the default)
Summary: CVE-2022-0635 bind: Lookups involving a DNAME could trigger an assertion fail...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-0635
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2064517
TreeView+ depends on / blocked
 
Reported: 2022-03-16 04:42 UTC by TEJ RATHI
Modified: 2022-05-23 23:29 UTC (History)
11 users (show)

Fixed In Version: bind 9.18.1
Doc Type: If docs needed, set a value
Doc Text:
An assertion check flaw was found in BIND, with a refactoration of RFC 8198 Aggressive Use of the DNSSEC-Validated Cache feature (synth-from-dnssec). The repeated patterns of specific queries to servers with this feature enabled could cause an INSIST failure in query.c:query_dname, which results in unexpected termination. This flaw allows a remote attacker to use a series of specific queries to trigger a failed assertion check that causes the named process to terminate, leading to a denial of service.
Clone Of:
Environment:
Last Closed: 2022-04-06 13:27:40 UTC


Attachments (Terms of Use)

Description TEJ RATHI 2022-03-16 04:42:13 UTC
We refactored the RFC 8198 Aggressive Use of DNSSEC-Validated Cache feature (synth-from-dnssec) for the new BIND 9.18.0 stable release, and changed the default so that is now automatically enabled for dnssec-validating resolvers. Subsequently it was found that repeated patterns of specific queries to servers with this feature enabled could cause an INSIST failure in query.c:query_dname which causes named to terminate unexpectedly.

The vulnerability affects BIND resolvers running 9.18.0 that have both dnssec-validation and synth-from-dnssec enabled. (Note that dnssec-validation auto; is the default setting unless configured otherwise in named.conf and that enabling dnssec-validation automatically enables synth-from-dnssec unless explicitly disabled)

Comment 4 Product Security DevOps Team 2022-04-06 13:27:38 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-0635


Note You need to log in before you can comment on or make changes to this bug.