By sending specific queries to the resolver, an attacker can cause named to crash.

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-5cf67355ec advisory.

    - Upstream [release notes](https://downloads.isc.org/isc/bind9/9.18.7/RELEASE-NOTES-bind-9.18.7.html)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the bindutils package has been released.

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the bind-9.16.23-7.el9 build changelog.

  - BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 ->     9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including     Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.
    The cache could become poisoned with incorrect records leading to queries being made to the wrong servers,     which might also result in false information being returned to clients. (CVE-2021-25220)

  - BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported     Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT     status for an indefinite period of time, even after the client has terminated the connection.
    (CVE-2022-0396)

  - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the     resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
    (CVE-2022-2795)

  - By sending specific queries to the resolver, an attacker can cause named to crash. (CVE-2022-3080)

  - By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38177)

  - By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38178)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6763 advisory.

  - By sending specific queries to the resolver, an attacker can cause named to crash. (CVE-2022-3080)

  - By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38177)

  - By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38178)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the     resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
    (CVE-2022-2795)

  - By sending specific queries to the resolver, an attacker can cause named to crash. (CVE-2022-3080)

  - Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in     turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has     been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained     during the processing of a dynamic update from a client whose access credentials are accepted. Memory     allocated to clients that are not permitted to send updates is released immediately upon rejection. The     scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone     changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only     likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates     comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and     earlier branches are also affected, but through exhaustion of internal resources rather than memory     constraints. This may reduce performance but should not be a significant problem for most servers.
    Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9     versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through     9.16.36-S1. (CVE-2022-3094)

  - BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-     timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9     versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through     9.16.36-S1. (CVE-2022-3736)

  - By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38177)

  - By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38178)

  - This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option     `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many     queries that require recursion, there will be a corresponding increase in the number of clients that are     waiting for recursion to complete. If there are sufficient clients already waiting when a new client query     is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-     clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer     to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This     issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and     9.16.12-S1 through 9.16.36-S1. (CVE-2022-3924)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-161 advisory.

    By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the     resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
    (CVE-2022-2795)

    A flaw was found in the Bind package, where the resolver can crash when stale cache and stale answers are     enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an     incoming query. By sending specific queries to the resolver, an attacker can cause named to crash.
    (CVE-2022-3080)

    Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in     turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has     been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained     during the processing of a dynamic update from a client whose access credentials are accepted. Memory     allocated to clients that are not permitted to send updates is released immediately upon rejection. The     scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone     changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only     likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates     comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and     earlier branches are also affected, but through exhaustion of internal resources rather than memory     constraints. This may reduce performance but should not be a significant problem for most servers.
    Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9     versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through     9.16.36-S1. (CVE-2022-3094)

    Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but     where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this     context is anything that would cause the resolver to reject the query response, such as a mismatch between     query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1     through 9.16.36-S1. (CVE-2022-3488)

    A flaw was found in Bind, where a resolver crash is possible. When stale cache and stale answers are     enabled, the option stale-answer-client-timeout is set to a positive integer, and the resolver receives an     RRSIG query. (CVE-2022-3736)

    By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38177)

    By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38178)

    This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option     `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many     queries that require recursion, there will be a corresponding increase in the number of clients that are     waiting for recursion to complete. If there are sufficient clients already waiting when a new client query     is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-     clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer     to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This     issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and     9.16.12-S1 through 9.16.36-S1. (CVE-2022-3924)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of bind installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3080 advisory.

  - By sending specific queries to the resolver, an attacker can cause named to crash. (CVE-2022-3080)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the     resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
    (CVE-2022-2795)

  - By sending specific queries to the resolver, an attacker can cause named to crash. (CVE-2022-3080)

  - By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38177)

  - By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38178)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178 ISC BIND is vulnerable to a denial of service, caused by a memory leak in the DNSSEC verification code for the EdDSA algorithm. By spoofing the target resolver with responses that have a malformed EdDSA signature, a remote attacker could exploit this vulnerability to cause named to crash. ISC BIND is vulnerable to a denial of service, caused by an error when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause named to crash. ISC BIND is vulnerable to a denial of service, caused by a small memory leak in the DNSSEC verification code for the ECDSA algorithm. By spoofing the target resolver with responses that have a malformed ECDSA signature, a remote attacker could exploit this vulnerability to cause named to crash. ISC BIND is vulnerable to a denial of service, caused by a flaw in resolver code. By flooding the target resolver with queries, a remote attacker could exploit this vulnerability to severely degrade the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6781 advisory.

  - By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38178)

  - By sending specific queries to the resolver, an attacker can cause named to crash. (CVE-2022-3080)

  - By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38177)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6763 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202210-25 (ISC BIND: Multiple Vulnerabilities)

  - In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 ->     9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND     9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing     can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it     possible for its internal data structures to grow almost infinitely, which may cause significant delays in     client query processing. (CVE-2021-25219)

  - BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 ->     9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including     Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.
    The cache could become poisoned with incorrect records leading to queries being made to the wrong servers,     which might also result in false information being returned to clients. (CVE-2021-25220)

  - BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported     Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT     status for an indefinite period of time, even after the client has terminated the connection.
    (CVE-2022-0396)

  - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the     resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
    (CVE-2022-2795)

  - The underlying bug might cause read past end of the buffer and either read memory it should not read, or     crash the process. (CVE-2022-2881)

  - An attacker can leverage this flaw to gradually erode available memory to the point where named crashes     for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the     potential to deny service. (CVE-2022-2906)

  - By sending specific queries to the resolver, an attacker can cause named to crash. (CVE-2022-3080)

  - By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38177)

  - By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38178)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3767-1 advisory.

  - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the     resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
    (CVE-2022-2795)

  - By sending specific queries to the resolver, an attacker can cause named to crash. (CVE-2022-3080)

  - By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38177)

  - By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38178)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6781 advisory.

    - Fix possible serve-stale related crash (CVE-2022-3080)
    - Fix memory leak in ECDSA verify processing (CVE-2022-38177)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6763 advisory.

    - Fix possible serve-stale related crash (CVE-2022-3080)
    - Fix memory leak in ECDSA verify processing (CVE-2022-38177)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6781 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate     unexpectedly (CVE-2022-3080)

    * bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177)

    * bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6763 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate     unexpectedly (CVE-2022-3080)

    * bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177)

    * bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5235 advisory.

  - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the     resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
    (CVE-2022-2795)

  - By sending specific queries to the resolver, an attacker can cause named to crash. (CVE-2022-3080)

  - By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38177)

  - By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38178)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2022-3080 advisory.

  - By sending specific queries to the resolver, an attacker can cause named to crash. (CVE-2022-3080)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of bind installed on the remote host is prior to 9.16.33 / 9.18.7. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-264-01 advisory.

  - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the     resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
    (CVE-2022-2795)

  - By sending specific queries to the resolver, an attacker can cause named to crash. (CVE-2022-3080)

  - By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38177)

  - By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can     trigger a small memory leak. It is possible to gradually erode available memory to the point where named     crashes for lack of resources. (CVE-2022-38178)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5626-1 advisory.

    Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large     delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of     service. (CVE-2022-2795)

    It was discovered that Bind incorrectly handled statistics requests. A remote attacker could possibly use     this issue to obtain sensitive memory contents, or cause a denial of service. This issue only affected     Ubuntu 22.04 LTS. (CVE-2022-2881)

    It was discovered that Bind incorrectly handled memory when processing certain Diffie-Hellman key     exchanges. A remote attacker could use this issue to consume resources, leading to a denial of service.
    This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2906)

    Maksym Odinintsev discovered that Bind incorrectly handled answers from cache when configured with a zero     stale-answer-timeout. A remote attacker could possibly use this issue to cause Bind to crash, resulting in     a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3080)

    It was discovered that Bind incorrectly handled memory when processing ECDSA DNSSEC verification. A remote     attacker could use this issue to consume resources, leading to a denial of service. This issue only     affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-38177)

    It was discovered that Bind incorrectly handled memory when processing EDDSA DNSSEC verification. A remote     attacker could use this issue to consume resources, leading to a denial of service. (CVE-2022-38178)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
211309	Fedora 38 : bind / bind-dyndb-ldap (2022-5cf67355ec)	Nessus	Fedora Local Security Checks	medium
203986	Photon OS 3.0: Bindutils PHSA-2022-3.0-0458	Nessus	PhotonOS Local Security Checks	high
203416	Photon OS 4.0: Bindutils PHSA-2022-4.0-0251	Nessus	PhotonOS Local Security Checks	high
191287	CentOS 9 : bind-9.16.23-7.el9	Nessus	CentOS Local Security Checks	medium
184581	Rocky Linux 9 : bind (RLSA-2022:6763)	Nessus	Rocky Linux Local Security Checks	high
176840	EulerOS Virtualization 2.11.0 : bind (EulerOS-SA-2023-2105)	Nessus	Huawei Local Security Checks	high
176819	EulerOS Virtualization 2.11.1 : bind (EulerOS-SA-2023-2053)	Nessus	Huawei Local Security Checks	high
174579	Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2023-161)	Nessus	Amazon Linux Local Security Checks	medium
173594	CBL Mariner 2.0 Security Update: bind (CVE-2022-3080)	Nessus	MarinerOS Local Security Checks	high
169548	EulerOS 2.0 SP11 : bind (EulerOS-SA-2023-1027)	Nessus	Huawei Local Security Checks	high
169547	EulerOS 2.0 SP11 : bind (EulerOS-SA-2023-1002)	Nessus	Huawei Local Security Checks	high
169317	AIX 7.2 TL 5 : bind (IJ44425)	Nessus	AIX Local Security Checks	high
169316	AIX 7.1 TL 5 : bind (IJ44422)	Nessus	AIX Local Security Checks	high
169315	AIX 7.3 TL 0 : bind (IJ44427)	Nessus	AIX Local Security Checks	high
167795	Rocky Linux 8 : bind9.16 (RLSA-2022:6781)	Nessus	Rocky Linux Local Security Checks	high
167675	AlmaLinux 9 : bind (ALSA-2022:6763)	Nessus	Alma Linux Local Security Checks	high
166720	GLSA-202210-25 : ISC BIND: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	high
166581	SUSE SLED15 / SLES15 : Recommended update for bind (SUSE-SU-2022:3767-1)	Nessus	SuSE Local Security Checks	high
165697	Oracle Linux 8 : bind9.16 (ELSA-2022-6781)	Nessus	Oracle Linux Local Security Checks	high
165661	Oracle Linux 9 : bind (ELSA-2022-6763)	Nessus	Oracle Linux Local Security Checks	high
165649	RHEL 8 : bind9.16 (RHSA-2022:6781)	Nessus	Red Hat Local Security Checks	high
165637	RHEL 9 : bind (RHSA-2022:6763)	Nessus	Red Hat Local Security Checks	high
165329	Debian DSA-5235-1 : bind9 - security update	Nessus	Debian Local Security Checks	high
165313	ISC BIND 9.16.14 < 9.16.33 / 9.16.14-S1 < 9.16.33-S1 / 9.18.0 < 9.18.7 / 9.19.0 < 9.19.5 Vulnerability (cve-2022-3080)	Nessus	DNS	high
165292	Slackware Linux 15.0 / current bind Multiple Vulnerabilities (SSA:2022-264-01)	Nessus	Slackware Local Security Checks	high
165290	Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Bind vulnerabilities (USN-5626-1)	Nessus	Ubuntu Local Security Checks	medium

Detections

Analytics

CVE-2022-3080

high

Tenable Plugins

medium

high

high

medium

high

high

high

medium

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

medium