HTTP Request Smuggling Affecting bind-export-libs package, versions <32:9.11.36-5.el8


0.0
medium

Snyk CVSS

    Attack Complexity Low
    Privileges Required High
    Scope Changed
    Integrity High

    Threat Intelligence

    EPSS 0.17% (54th percentile)
Expand this section
NVD
6.8 medium
Expand this section
SUSE
6.8 medium
Expand this section
Red Hat
6.8 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-CENTOS8-BINDEXPORTLIBS-2428379
  • published 17 Mar 2022
  • disclosed 16 Mar 2022

How to fix?

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-5.el8 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-export-libs package and not the bind-export-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

References