

BloxOne DDI-DNS is vulnerable to CVE-2022-0396

Mar 16, 2022•Knowledge

Infoblox BloxOne DDI-DNS is vulnerable to CVE-2022-0396


On March 16th, 2022, ISC announced an issue in BIND that allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This issue is triggered in BloxOne DDI DNS-BIND servers as they have `keep-response-order` enabled. Since this parameter cannot be configured through the UI, the servers are vulnerable to this CVE.


When BIND is configured to disable processing of TCP queries in parallel (option "keep-response-order"), a specifically crafted TCP stream sent by a client can consume TCP connection slots indefinitely.

Program impacted: BIND
Severity: Medium
Exploitable: Remotely
CVSS Score: 4.9
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C

Affected Versions

Current releases of BIND 9.16.11 to 9.16.26, 9.16.11-S to 9.16.26-S, 9.17.8 to 9.17.22 and 9.18.0 are all known to be affected by this issue.


Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
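
A check for the symptom described above, as an added example that is not part of the Infoblox article or the ISC advisory: it compares two `ss -tan` snapshots from a BIND host and counts, per peer, the port 53 connections that are in CLOSE_WAIT in both. The snapshot text, addresses and function names are constructed for illustration, and it assumes shell access to the host running `named`.

```python
from collections import Counter

# Constructed samples of `ss -tan` output, taken some minutes apart.
SNAPSHOT_1 = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     0      10     192.0.2.10:53       0.0.0.0:*
CLOSE-WAIT 1      0      192.0.2.10:53       198.51.100.7:40112
CLOSE-WAIT 1      0      192.0.2.10:53       198.51.100.7:40113
CLOSE-WAIT 0      0      192.0.2.10:53       203.0.113.5:51234
ESTAB      0      0      192.0.2.10:53       203.0.113.9:40000
CLOSE-WAIT 0      0      192.0.2.10:8080     198.51.100.7:40200
"""
SNAPSHOT_2 = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     0      10     192.0.2.10:53       0.0.0.0:*
CLOSE-WAIT 1      0      192.0.2.10:53       198.51.100.7:40112
CLOSE-WAIT 1      0      192.0.2.10:53       198.51.100.7:40113
CLOSE-WAIT 0      0      [2001:db8::10]:53   [2001:db8::7]:40300
ESTAB      0      0      192.0.2.10:53       203.0.113.5:51300
"""


def close_wait_sockets(ss_output, port=53):
    """Return the set of (local, peer) pairs in CLOSE_WAIT on the given local port."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        if state.upper() != "CLOSE-WAIT":  # ss spells the state with a hyphen
            continue
        # rsplit keeps bracketed IPv6 addresses intact and isolates the port
        if local.rsplit(":", 1)[-1] != str(port):
            continue
        found.add((local, peer))
    return found


def lingering_by_peer(earlier, later, port=53):
    """Count, per peer address, sockets in CLOSE_WAIT in both snapshots."""
    stuck = close_wait_sockets(earlier, port) & close_wait_sockets(later, port)
    return Counter(peer.rsplit(":", 1)[0] for _, peer in stuck)


if __name__ == "__main__":
    for peer, n in lingering_by_peer(SNAPSHOT_1, SNAPSHOT_2).most_common():
        print(f"{peer}: {n} connection(s) still in CLOSE_WAIT")
```

A socket that appears in CLOSE_WAIT in only one snapshot is ordinary teardown; a count that persists or grows across snapshots matches the behaviour this advisory describes.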


There is no workaround to fix this issue from the CSP UI or through an API call.


Infoblox will be releasing a patch to fix this issue on 19th March, 2022.
NOTE: You do have the option to defer this update to a time of your choosing to minimize any business impact this interruption may have.
