CVE-2022-0635

moderate-risk

Published 2022-03-23

Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.

Do I need to act?

0.78% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (9)

Bind

H300S Firmware

H500S Firmware

H700S Firmware

H300E Firmware

H500E Firmware

H700E Firmware

H410S Firmware

H410C Firmware

Affected Vendors

Isc Netapp

References (4)

Mitigation https://kb.isc.org/v1/docs/cve-2022-0635

Third Party Advisory https://security.netapp.com/advisory/ntap-20220408-0001/

Mitigation https://kb.isc.org/v1/docs/cve-2022-0635

Third Party Advisory https://security.netapp.com/advisory/ntap-20220408-0001/

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 3/34 · Minimal

Exposure 15/34 · Moderate