{
  "threat_severity" : "Important",
  "public_date" : "2022-09-21T00:00:00Z",
  "bugzilla" : {
    "description" : "bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-client-timeout may terminate unexpectedly",
    "id" : "2128600",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2128600"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "By sending specific queries to the resolver, an attacker can cause named to crash.", "A flaw was found in the BIND package: the resolver can crash when stale cache and stale answers are enabled, the stale-answer-client-timeout option is set to 0, and the cache holds a stale CNAME for an incoming query. By sending specific queries to the resolver, an attacker can cause named to crash." ],
  "statement" : "This issue affects BIND versions 9.16.14 and later. Red Hat Enterprise Linux 6 and 7 ship earlier versions of BIND and are therefore not impacted.",
  "acknowledgement" : "Red Hat would like to thank Maksym Odinintsev for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-10-04T00:00:00Z",
    "advisory" : "RHSA-2022:6781",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "bind9.16-32:9.16.23-0.7.el8_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-10-03T00:00:00Z",
    "advisory" : "RHSA-2022:6763",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "bind-32:9.16.23-1.el9_0.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "bind",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "bind",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "bind",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "dhcp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-3080\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3080\nhttps://kb.isc.org/docs/cve-2022-3080" ],
  "name" : "CVE-2022-3080",
  "csaw" : false
}