ISC fixes High risk BIND vulnerability (CVE-2022-1183)

The Internet Systems Consortium (ISC) has released a security update that fixes a High risk vulnerability in multiple versions of ISC Berkeley Internet Name Domain (BIND).

BIND is the most widely used Domain Name System software on the Internet.

ISC patched the High risk ‘Destroying a TLS session early causes assertion failure’ vulnerability CVE-2022-1183 (CVSS 7.0).

“An assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early,” ISC wrote in the advisory.

The issue affects BIND 9.18.0 -> 9.18.2 and 9.19.0 of the BIND 9.19 development branch.

Users and administrators should upgrade to BIND 9.18.3 (Current Stable) or BIND 9.19.1 (Development) as soon as possible.

Related Articles