{
  "threat_severity" : "Moderate",
  "public_date" : "2022-09-21T00:00:00Z",
  "bugzilla" : {
    "description" : "bind: processing large delegations may severely degrade resolver performance",
    "id" : "2128584",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2128584"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-770",
  "details" : [ "By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.", "A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service." ],
  "acknowledgement" : "Red Hat would like to thank Anat Bremler-Barr (Reichman University), Shani Stajnrod (Reichman University), and Yehuda Afek (Tel-Aviv University) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2023-01-24T00:00:00Z",
    "advisory" : "RHSA-2023:0402",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "bind-32:9.11.4-26.P2.el7_9.13"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:2792",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "bind9.16-32:9.16.23-0.14.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:3002",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "bind-32:9.11.36-8.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:3002",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "bind-32:9.11.36-8.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2024-05-07T00:00:00Z",
    "advisory" : "RHSA-2024:2720",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.6",
    "package" : "bind-32:9.11.36-3.el8_6.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2024-05-07T00:00:00Z",
    "advisory" : "RHSA-2024:2720",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.6",
    "package" : "dhcp-12:4.3.6-47.el8_6.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2261",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "bind-32:9.16.23-11.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "bind",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "dhcp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-2795\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2795\nhttps://kb.isc.org/docs/cve-2022-2795" ],
  "name" : "CVE-2022-2795",
  "csaw" : false
}