CVE & CISA-KEV Catalog

CVE-2022-3204

HIGH
7.5
CVSS v3
NVD

Description

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.

How to fix

Remediation Available
unboundDebian
Fixed in:1.13.1-1+deb11u1CVE-2022-3204
Fixed in:1.16.3-1CVE-2022-3204
Fixed in:1.16.3-1CVE-2022-3204
Fixed in:1.16.3-1CVE-2022-3204
python3-unboundRocky
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
python3-unboundRed Hat / RHEL
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
python3-unbound-debuginfoRocky
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
python3-unbound-debuginfoRed Hat / RHEL
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
unboundRocky
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
unboundRed Hat / RHEL
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
unbound-debuginfoRed Hat / RHEL
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
unbound-debuginfoRocky
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
unbound-debugsourceRocky
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
unbound-debugsourceRed Hat / RHEL
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
unbound-develRed Hat / RHEL
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
unbound-develRocky
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
unbound-libsRed Hat / RHEL
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
unbound-libsRocky
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
unbound-libs-debuginfoRocky
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
unbound-libs-debuginfoRed Hat / RHEL
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.7.3-17.el8_6.5RHSA-2024:2045
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-5.el8RHSA-2023:2771
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
Fixed in:0:1.16.2-3.el9RHSA-2023:2370
libunbound2Ubuntu
Fixed in:1.6.7-1ubuntu2.6USN-5732-1
libunbound8Ubuntu
Fixed in:1.9.4-2ubuntu1.4USN-5732-1
Fixed in:1.13.1-1ubuntu5.3USN-5732-1
Fixed in:1.16.2-1ubuntu0.1USN-5732-1
unboundUbuntu
Fixed in:1.6.7-1ubuntu2.6USN-5732-1
Fixed in:1.9.4-2ubuntu1.4USN-5732-1
Fixed in:1.13.1-1ubuntu5.3USN-5732-1
Fixed in:1.16.2-1ubuntu0.1USN-5732-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

1.26%probability of exploitation in 30 days
66thpercentile

Moderate risk: more likely to be exploited than 66% of all known CVEs.

References

Related Vulnerabilities

Other CWE-400 (Resource Exhaustion) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-44487High7.5100%KEVFix
CVE-2021-44228Critical10.0100%KEV + RansomFix
CVE-2011-3192High7.899%-Fix
CVE-2019-11478Medium5.395%-Fix
CVE-2024-25617Medium5.389%-Fix
CVE-2018-1000115High7.589%-Fix
Embed a live status badge for CVE-2022-3204
CVE-2022-3204 severity badge

Markdown

[![CVE-2022-3204](https://tridentstack.com/cve/badge/CVE-2022-3204.svg)](https://tridentstack.com/cve/CVE-2022-3204)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-3204"><img src="https://tridentstack.com/cve/badge/CVE-2022-3204.svg" alt="CVE-2022-3204"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-05-05.