Bug 2128947 (CVE-2022-3204) - CVE-2022-3204 unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack)
Summary: CVE-2022-3204 unbound: NRDelegation attack leads to uncontrolled resource con...
Keywords:
Status: NEW
Alias: CVE-2022-3204
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2128964 2128965 2128953
Blocks: 2128841
TreeView+ depends on / blocked
 
Reported: 2022-09-22 04:37 UTC by Sandipan Roy
Modified: 2022-11-14 23:22 UTC (History)
44 users (show)

Fixed In Version: unbound 1.16.3
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in unbound. The attack can cause a resolver to spend a lot of time and resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. This issue can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation, leading to degraded performance and, eventually, a denial of service in orchestrated attacks.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Sandipan Roy 2022-09-22 04:37:19 UTC
The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks.

Upstream has issued an advisory today (September 21):
https://nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt

The issue is fixed upstream in 1.16.3:
https://github.com/NLnetLabs/unbound/releases/tag/release-1.16.3

Comment 1 TEJ RATHI 2022-09-22 05:30:56 UTC
Created unbound tracking bugs for this issue:

Affects: fedora-all [bug 2128953]


Note You need to log in before you can comment on or make changes to this bug.