CVE-2022-38178

Description

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Related CPE's

aiscbind********

aiscbind9.11.7s1**supported_preview***

aiscbind9.11.3s1**supported_preview***

aiscbind9.11.6s1**supported_preview***

aiscbind9.11.5s5**supported_preview***

aiscbind9.11.5s3**supported_preview***

aiscbind9.11.5s3***supported_preview**

aiscbind9.11.5s6**supported_preview***

aiscbind9.11.12s1**supported_preview***

aiscbind9.11.8s1**supported_preview***

References

https://kb.isc.org/docs/cve-2022-38178

Mailing ListThird Party Advisory

[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)

Mailing ListPatchThird Party Advisory

DSA-5235

Third Party Advisory

FEDORA-2022-ef038365de

Mailing ListThird Party Advisory

FEDORA-2022-8268735e06

Mailing ListThird Party Advisory

FEDORA-2022-b197d64471

[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io