Threat
Denial of Service via TLS Assertion Failure
Vulnerability
ISC BIND 9.18.0 < 9.18.3 Assertion Failure (CVE-2022-1183)1
- CVSS – 7.0 HIGH
- Vulnerability Publication Date 05/18/2022
- Exploitable – Remotely
Description
BIND is the most widely deployed DNS server software.2 CVE-2022-1183 is an assertion failure in BIND's network manager that is reached when a TLS connection to a configured HTTP-over-TLS (DNS over HTTPS, DoH) listener is destroyed too early; a failed assertion aborts the named process, so the outcome is Denial of Service (DoS) and loss of resolver availability until named is restarted. BIND 9.18.0 through 9.18.2 and the 9.19.0 development release are affected. Per ISC's advisory, only servers with an HTTP (DoH) listener configured expose the vulnerable code path.
Although the trigger appears to be simple and is reachable remotely by an unauthenticated client, there is currently no evidence that it is being actively exploited.3
Recommendations / Remediation
Contact FortifyData for a free risk assessment to learn if your organization is susceptible.
Upgrade to BIND 9.18.3 (current stable) or BIND 9.19.1 (development).2 If an immediate upgrade is not possible, ISC's published workaround is to disable HTTP (DoH) listeners, which removes the code path that reaches the assertion; plain DNS and DNS-over-TLS service can stay up in the meantime.
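The following shell script is an added example, not part of this advisory or of ISC's tooling. It classifies the version string that `named -v` prints against the affected range above (9.18.0 through 9.18.2, and 9.19.0) and greps a named.conf for a `listen-on` statement carrying the `http` keyword, which is the DoH listener ISC's advisory names as the trigger surface. The version strings and config fragments embedded in it are constructed for illustration, and the config paths it checks at the end are common defaults assumed here, not values from the advisory.

```sh
#!/bin/sh
# Added example (not from the advisory or from ISC): pre-patch checks for
# CVE-2022-1183. Affected range per the advisory: 9.18.0 -> 9.18.2, 9.19.0.

# bind_vulnerable_1183 VERSION_STRING
# Accepts either a bare "9.18.2" or the full `named -v` line
# ("BIND 9.18.2 (Stable Release) <id:...>"). Exit status: 0 = affected,
# 1 = not in the affected range, 2 = version string not recognised.
# Caveat: distributions may backport the fix without changing the upstream
# version number, so a 0 here must be confirmed against the vendor changelog.
bind_vulnerable_1183() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\(BIND \)\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\2/p')
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$major" -eq 9 ] || return 1
    case "$minor" in
        18) [ "$patch" -le 2 ] && return 0 ;;   # 9.18.0, 9.18.1, 9.18.2
        19) [ "$patch" -eq 0 ] && return 0 ;;   # 9.19.0 only
    esac
    return 1
}

# bind_has_http_listener < named.conf
# True when a listen-on / listen-on-v6 statement carries the http keyword,
# i.e. a DoH listener is configured. Does not follow include statements.
bind_has_http_listener() {
    grep -Eiq '^[[:space:]]*listen-on(-v6)?[^;]*[[:space:]]http[[:space:]]'
}

# Constructed named.conf fragments for the self-check (not real configs).
DOH_CONF_SAMPLE='options {
    listen-on port 53 { any; };
    listen-on port 443 tls local-tls http local-doh { any; };
};'
DOT_ONLY_CONF_SAMPLE='options {
    listen-on port 53 { any; };
    listen-on port 853 tls local-tls { any; };
};'

# Stand-alone run: check the local named, if present, then the usual config paths.
if command -v named >/dev/null 2>&1; then
    v=$(named -v 2>/dev/null | head -n 1)
    if bind_vulnerable_1183 "$v"; then
        echo "AFFECTED by CVE-2022-1183: $v"
    else
        echo "not in the affected range: $v"
    fi
else
    echo "named not found on PATH; classifying constructed sample strings instead:"
    for s in "BIND 9.18.2 (Stable Release) <id:0>" "BIND 9.18.3 (Stable Release) <id:0>"; do
        if bind_vulnerable_1183 "$s"; then echo "  affected: $s"; else echo "  ok: $s"; fi
    done
fi
for conf in /etc/named.conf /etc/bind/named.conf; do   # assumed default paths
    if [ -r "$conf" ] && bind_has_http_listener < "$conf"; then
        echo "DoH (http) listener configured in $conf"
    fi
done
```

A host that is in the affected version range but has no `http` listener is not exposed to this particular assertion, which is why the two checks are reported separately; the config check only reads the top-level file, so configurations split across `include` statements need each included file piped through `bind_has_http_listener` as well.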
**These are generalized recommendations that may not be effective for all organizations and environments.**