[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252271

 
 

909

 
 

196835

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2022-38178Date: (C)2022-09-22   (M)2024-02-07


By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score :
Exploit Score: 3.9Exploit Score:
Impact Score: 3.6Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: NONEAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: NONEAvailability:
Integrity: NONE 
Availability: HIGH 
  
Reference:
DSA-5235
FEDORA-2022-8268735e06
FEDORA-2022-b197d64471
FEDORA-2022-ef038365de
GLSA-202210-25
https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html
http://www.openwall.com/lists/oss-security/2022/09/21/3
https://kb.isc.org/docs/cve-2022-38178
https://security.netapp.com/advisory/ntap-20221228-0009/

CPE    6
cpe:/a:isc:bind
cpe:/a:isc:bind:9.16.13:s1:~~supported_preview~~~
cpe:/a:isc:bind:9.11.29:s1:~~supported_preview~~~
cpe:/a:isc:bind:9.11.8:s1:~~supported_preview~~~
...
CWE    1
CWE-401
OVAL    37
oval:org.secpod.oval:def:88469
oval:org.secpod.oval:def:707727
oval:org.secpod.oval:def:507181
oval:org.secpod.oval:def:507180
...

© SecPod Technologies