CVE & CISA-KEV Catalog

CVE-2022-30699

MEDIUM
6.5
CVSS v3
NVD

Description

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.

How to fix

Remediation Available
unboundDebian
Fixed in:1.13.1-1+deb11u1CVE-2022-30699
Fixed in:1.16.2-1CVE-2022-30699
Fixed in:1.16.2-1CVE-2022-30699
Fixed in:1.16.2-1CVE-2022-30699
python3-unboundRocky
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
python3-unboundRed Hat / RHEL
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
python3-unbound-debuginfoRed Hat / RHEL
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
python3-unbound-debuginfoRocky
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
unboundRed Hat / RHEL
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
unboundRocky
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
unbound-debuginfoRocky
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
unbound-debuginfoRed Hat / RHEL
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
unbound-debugsourceRed Hat / RHEL
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
unbound-debugsourceRocky
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
unbound-develRed Hat / RHEL
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
unbound-develRocky
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
unbound-libsRed Hat / RHEL
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
unbound-libsRocky
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
unbound-libs-debuginfoRed Hat / RHEL
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
unbound-libs-debuginfoRocky
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
libunbound2Ubuntu
Fixed in:1.6.7-1ubuntu2.5USN-5569-1
libunbound8Ubuntu
Fixed in:1.9.4-2ubuntu1.3USN-5569-1
Fixed in:1.13.1-1ubuntu5.1USN-5569-1
unboundUbuntu
Fixed in:1.6.7-1ubuntu2.5USN-5569-1
Fixed in:1.9.4-2ubuntu1.3USN-5569-1
Fixed in:1.13.1-1ubuntu5.1USN-5569-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploit Intelligence

0.85%probability of exploitation in 30 days
54thpercentile

Moderate risk: more likely to be exploited than 54% of all known CVEs.

References

Related Vulnerabilities

Other CWE-613 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2014-2595Critical9.817%--
CVE-2023-30403High7.515%--
CVE-2020-27422Critical9.87.8%--
CVE-2014-3616Medium4.35.7%-Fix
CVE-2021-3144Critical9.15.2%-Fix
CVE-2021-24019High8.13.8%-Fix
Embed a live status badge for CVE-2022-30699
CVE-2022-30699 severity badge

Markdown

[![CVE-2022-30699](https://tridentstack.com/cve/badge/CVE-2022-30699.svg)](https://tridentstack.com/cve/CVE-2022-30699)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-30699"><img src="https://tridentstack.com/cve/badge/CVE-2022-30699.svg" alt="CVE-2022-30699"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.