CVE-2022-0396

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

CVSS v3 5.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf	Patch Third Party Advisory
https://kb.isc.org/v1/docs/cve-2022-0396	Mitigation Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202210-25	Third Party Advisory
https://security.netapp.com/advisory/ntap-20220408-0001/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:isc:bind:::::-:::*
	cpe:2.3:a:isc:bind:::::supported_preview:::*
	cpe:2.3:a:isc:bind::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 11 (hide)

OR	cpe:2.3:a:siemens:sinec_ins::::::::
	cpe:2.3:a:siemens:sinec_ins:1.0:-::::::
	cpe:2.3:a:siemens:sinec_ins:1.0:sp1::::::

History

21 Jan 2024, 02:05

Type	Values Removed	Values Added
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/ - Mailing List, Third Party Advisory

09 Nov 2023, 14:44

Type	Values Removed	Values Added
CPE	cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:::::::*	cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:o:netapp:h700e_firmware:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:h:netapp:h700e:-:::::::* cpe:2.3:h:netapp:h500e:-:::::::* cpe:2.3:h:netapp:h300e:-:::::::* cpe:2.3:o:netapp:h300e_firmware:-:::::::* cpe:2.3:o:netapp:h500e_firmware:-:::::::*
First Time		Netapp h700e Firmware Netapp h500s Firmware Netapp h500e Netapp h410c Netapp h700s Firmware Netapp h300e Netapp h300s Firmware Netapp h500s Netapp h300e Firmware Netapp h700s Netapp h410s Netapp h410c Firmware Netapp h500e Firmware Netapp h700e Netapp h300s Netapp h410s Firmware

07 Nov 2023, 03:41

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/', 'name': 'FEDORA-2022-14e36aac0c', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/ -

16 Nov 2022, 19:31

Type	Values Removed	Values Added
References	~~(GENTOO) https://security.gentoo.org/glsa/202210-25 -~~	(GENTOO) https://security.gentoo.org/glsa/202210-25 - Third Party Advisory

31 Oct 2022, 04:15

Type	Values Removed	Values Added
References		(GENTOO) https://security.gentoo.org/glsa/202210-25 -

29 Oct 2022, 02:44

Type	Values Removed	Values Added
First Time		Siemens Siemens sinec Ins
CPE		cpe:2.3:a:siemens:sinec_ins:::::::: cpe:2.3:a:siemens:sinec_ins:1.0:-:::::: cpe:2.3:a:siemens:sinec_ins:1.0:sp1::::::
References	~~(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf -~~	(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf - Patch, Third Party Advisory

13 Sep 2022, 12:15

Type	Values Removed	Values Added
References		(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf -

03 Jun 2022, 16:09

Type	Values Removed	Values Added
CPE		cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:::::::* cpe:2.3:o:fedoraproject:fedora:35:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:::::::* cpe:2.3:o:fedoraproject:fedora:34:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:::::::*
First Time		Netapp baseboard Management Controller H410s Firmware Netapp baseboard Management Controller H500e Firmware Netapp baseboard Management Controller H300s Netapp baseboard Management Controller H700s Netapp baseboard Management Controller H700s Firmware Netapp baseboard Management Controller H700e Netapp Netapp baseboard Management Controller H410c Firmware Netapp baseboard Management Controller H500s Firmware Netapp baseboard Management Controller H410c Netapp baseboard Management Controller H300s Firmware Netapp baseboard Management Controller H700e Firmware Netapp baseboard Management Controller H410s Netapp baseboard Management Controller H500s Netapp baseboard Management Controller H300e Firmware Netapp baseboard Management Controller H500e Netapp baseboard Management Controller H300e
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20220408-0001/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20220408-0001/ - Third Party Advisory

08 Apr 2022, 23:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20220408-0001/ -

29 Mar 2022, 17:36

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.3 v3 : 5.3
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/ - Mailing List, Third Party Advisory
References	~~(CONFIRM) https://kb.isc.org/v1/docs/cve-2022-0396 -~~	(CONFIRM) https://kb.isc.org/v1/docs/cve-2022-0396 - Mitigation, Vendor Advisory
First Time		Fedoraproject Fedoraproject fedora Isc Isc bind
CPE		cpe:2.3:o:fedoraproject:fedora:36:::::::* cpe:2.3:a:isc:bind:::::supported_preview:::* cpe:2.3:a:isc:bind:::::::: cpe:2.3:a:isc:bind:::::-:::*
CWE		CWE-404

26 Mar 2022, 19:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/ -

23 Mar 2022, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-03-23 11:15

Updated : 2024-01-21 02:05

NVD link : CVE-2022-0396

Mitre link : CVE-2022-0396

CVE.ORG link : CVE-2022-0396

JSON object : View

Products Affected

netapp

h700e
h700s_firmware
h500s_firmware
h700s
h410c_firmware
h700e_firmware
h300e_firmware
h300s_firmware
h500e_firmware
h500s
h410c
h410s_firmware
h300e
h410s
h300s
h500e

siemens

sinec_ins

fedoraproject

fedora

isc

bind

CWE

CWE-404

Improper Resource Shutdown or Release

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2022-0396

5.3^/10

4.3^/10

Attach tags to `CVE-2022-0396`