CVE-2022-1183

7.5 HIGH

📋 TL;DR

This vulnerability causes the BIND named daemon to terminate with an assertion failure on servers that have a DNS over HTTPS (DoH) listener configured, i.e. an http clause in a listen-on statement. The condition can be triggered by a remote client, so the practical impact is denial of service. Only BIND 9.18.0 through 9.18.2 and 9.19.0 are affected; DoT-only and plain port 53 configurations are not.

💻 Affected Systems

Products:
  • ISC BIND
Versions: 9.18.0 through 9.18.2, and 9.19.0
Operating Systems: All operating systems running affected BIND versions
Default Config Vulnerable: ✅ No
Notes: Only configurations with an http clause in a listen-on or listen-on-v6 statement (a DoH listener) are vulnerable. DNS over TLS (DoT) listeners without an http clause, and ordinary UDP/TCP port 53 service, are unaffected.

📦 What is this software?

ISC BIND (Berkeley Internet Name Domain) is the Internet Systems Consortium's open-source DNS server; its daemon is named and its configuration lives in named.conf. The 9.18 branch is the first stable branch to ship DNS over TLS (DoT) and DNS over HTTPS (DoH) listeners, which are enabled per listener with the tls and http clauses of the listen-on statement. This vulnerability sits in that new DoH code path.

⚠️ Risk & Real-World Impact

🔴

Worst Case

DNS service disruption leading to complete unavailability of DNS resolution for dependent services and applications.

🟠

Likely Case

Intermittent DNS server crashes causing temporary service outages until the daemon is restarted.

🟢

If Mitigated

Minimal impact with proper monitoring and automated restart mechanisms in place.

🌐 Internet-Facing: HIGH - Internet-facing DNS servers with vulnerable configurations can be crashed by attackers, causing widespread service disruption.
🏢 Internal Only: MEDIUM - Internal DNS servers could be crashed, but impact is contained within the organization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The assertion can be reached by a remote, unauthenticated client talking to the DoH listener; no credentials or privileged network position are needed, which is why complexity is rated low. Servers that expose no http listener cannot be crashed this way.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BIND 9.18.3 or later on the stable branch, or 9.19.1 or later on the development branch

Vendor Advisory: https://kb.isc.org/docs/cve-2022-1183

Restart Required: Yes

Instructions:

1. Obtain BIND 9.18.3 or later (or 9.19.1 or later on the development branch) from ISC or from your distribution's package repository.
2. Stop the named service.
3. Install the updated package.
4. Run 'named-checkconf' against the existing configuration to confirm it still parses on the new version.
5. Start the named service.
6. Confirm with 'named -v' that the running binary reports the patched version and that DoH queries are answered.

🔧 Temporary Workarounds

Remove HTTP references from configuration

Applies to: all platforms

Remove the http clause from every listen-on and listen-on-v6 statement in named.conf (and in any file it includes) so that no DoH listener is configured. A tls clause on its own (DoT) is not affected and can stay. Note that in BIND's syntax the tls and http keywords each take the name of a tls or http block (or a built-in such as tls ephemeral); 'http' is a keyword followed by a name, not a bare flag, so the DoH listener normally sits on port 443 rather than the DoT port 853.

# Edit named.conf and drop the http clause from listen-on statements
# Example (the block names local-tls / local-http-server are placeholders): change
#   listen-on port 443 tls local-tls http local-http-server { any; };
# to a DoT-only listener
#   listen-on port 853 tls local-tls { any; };
# or delete the statement, then validate and apply: named-checkconf && rndc reconfig

Disable DoH functionality

Applies to: all platforms

Temporarily disable DNS over HTTPS until the upgrade is done. Comment out the whole listen-on statement that carries the http clause; do not put a '#' in front of just the 'http' keyword, because a '#' comment in named.conf runs to the end of the line and would also remove the address list and the closing ';', leaving an invalid statement. Clients that depend on DoH lose service while this is in place.

# Comment out the complete DoH listener (both // and # start a to-end-of-line comment)
# Example (placeholder block names):
#   // listen-on port 443 tls local-tls http local-http-server { any; };
# Then validate and apply: named-checkconf && rndc reconfig

🧯 If You Can't Patch

  • Implement monitoring and automated restart for named daemon crashes (for example a systemd unit with Restart=on-failure)
  • Consider using DNS load balancing or redundant DNS servers to maintain service availability
  • Restrict reachability of the DoH port (TCP 443 by default) to trusted client networks at the firewall, since the crash is only reachable through the http listener

🔍 How to Verify

Check if Vulnerable:

Run 'named -v' and check whether the reported version is 9.18.0, 9.18.1, 9.18.2 or 9.19.0. Then inspect the effective configuration for an http clause in any listen-on or listen-on-v6 statement; 'named-checkconf -p' prints the fully expanded configuration, including files pulled in via include, which is more reliable than grepping named.conf alone. A server is vulnerable only if both checks are positive.

Check Version:

named -v

Verify Fix Applied:

Confirm that 'named -v' reports 9.18.3 or later (or 9.19.1 or later on the development branch), that 'named-checkconf' accepts the configuration, and that the daemon stays up while DoH clients connect and disconnect.
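The two checks above combined into one script, as an added example that is not part of the original page or of ISC's tooling. It takes the 'named -v' banner and the configuration text as strings, so it runs offline against the constructed samples embedded below; on a real host feed it "$(named -v)" and "$(named-checkconf -p)". The affected-release list and the regular expressions are this example's own heuristics, and the block names local-tls / local-http-server in the samples are placeholders.

```shell
#!/bin/sh
# Added example, not ISC code: decide whether a host matches the two
# CVE-2022-1183 conditions (affected release AND an http clause on a listener).
# Both inputs are strings so the script runs offline; on a real server call
#   cve_2022_1183_vulnerable "$(named -v)" "$(named-checkconf -p)"
# named-checkconf -p prints the fully expanded configuration, includes and all.

# Returns 0 when the 'named -v' banner names an affected release.
bind_version_affected() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^BIND \([0-9][0-9.]*\).*/\1/p')
    case "$ver" in
        9.18.0|9.18.1|9.18.2|9.19.0) return 0 ;;
        *)                           return 1 ;;
    esac
}

# Returns 0 when a listen-on / listen-on-v6 statement carries an http clause.
# '//' and '#' comments are stripped first so a commented-out listener does not
# count; '/* */' block comments are not handled, and the http keyword must be
# on the same line as the listen-on keyword.
config_has_http_listener() {
    printf '%s\n' "$1" \
      | sed -e 's,//.*$,,' -e 's/#.*$//' \
      | grep -Eq '^[[:space:]]*listen-on(-v6)?[^;]*[[:space:]]http[[:space:]]'
}

# 0 = vulnerable (both conditions hold), 1 = not vulnerable.
cve_2022_1183_vulnerable() {
    bind_version_affected "$1" && config_has_http_listener "$2"
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_VERSION='BIND 9.18.1 (Stable Release)'
SAMPLE_CONF_DOH='options {
    listen-on port 53 { any; };
    listen-on port 443 tls local-tls http local-http-server { any; };
};'
SAMPLE_CONF_DOT='options {
    listen-on port 53 { any; };
    listen-on port 853 tls local-tls { any; };
    // listen-on port 443 tls local-tls http local-http-server { any; };
};'

if cve_2022_1183_vulnerable "$SAMPLE_VERSION" "$SAMPLE_CONF_DOH"; then
    echo "DoH sample: vulnerable (affected release with an http listener)"
fi
if ! cve_2022_1183_vulnerable "$SAMPLE_VERSION" "$SAMPLE_CONF_DOT"; then
    echo "DoT sample: not vulnerable (no http clause on any listener)"
fi
```

The version check is a deliberately exact match on the four affected releases rather than a range comparison, so a distribution build that reports a backported version string (for example one that is still labelled 9.18.2) needs to be judged from the package changelog instead. The configuration check is line based; if a listener statement wraps the http clause onto a continuation line, read the 'named-checkconf -p' output by hand.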

📡 Detection & Monitoring

Log Indicators:

  • named exits with an assertion failure: BIND logs a line of the form 'REQUIRE(...) failed, back trace' or 'INSIST(...) failed, back trace', followed by numbered stack frames and 'exiting (due to assertion failure)'
  • Repeated named restarts in the system journal or supervisor log, correlated with activity on the DoH listener

Network Indicators:

  • Sudden drop in DNS query responses while the daemon is down or restarting
  • Connection resets or timeouts on the DoH port (TCP 443 by default) and, while named is down, on port 53

SIEM Query:

source="bind" AND ("assertion failure" OR "failed, back trace" OR "named crashed" OR "SIGABRT")
