The vulnerability of the DNSSEC implementation on BIND servers allows attackers to perform a type of attack known as “denial-of-service attack”.

🗓️ 06 Oct 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

DNSSEC on BIND has EdDSA verification flaw enabling remote denial of service.

Reporter	Title	Published	Views	Family All 485
IBM Security Bulletins	Security Bulletin: IBM Robotic Process Automation for Cloud Pak may be vulnerable to a denial of service due to ISC BIND (CVE-2022-38177, CVE-2022-38178).	8 Mar 202320:50	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in bind and dnsmasq affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products	26 Feb 202515:47	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in bind affects IBM Integrated Analytics System [CVE-2022-38178]	3 Jan 202310:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities	13 Feb 202313:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities	26 Mar 202503:39	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps	26 Mar 202503:58	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	26 Mar 202503:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in bind (CVE-2022-2795) affects Power HMC	11 Dec 202312:51	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway	1 Nov 202216:02	–	ibm
IBM Security Bulletins	Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to memory leaks and a flaw in resolver code (CVE-2022-2795, CVE-2022-38177, CVE-2022-38178)	28 Nov 202220:43	–	ibm

Vulners

Node

red_hat red_hat_virtualizationMatch4

OR

internet_systems_consortium bindRange9.10.7–9.10.8

OR

internet_systems_consortium bindRange9.9.12–9.9.13

OR

internet_systems_consortium bindRange9.18.0–9.18.6

OR

internet_systems_consortium bindRange9.19.0–9.19.4

OR

internet_systems_consortium bindRange9.11.3–9.16.32

OR

red_hat red_hat_enterprise_linuxMatch7

OR

red_hat red_hat_enterprise_linuxMatch8

OR

fedora fedoraMatch35

OR

fedora fedoraMatch36

OR

red_hat red_hat_enterprise_linuxMatch9

OR

fedora fedoraMatch37

Source	Link
redos	www.redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-bind-cve-2022-2795-cve-2022-2881-cve-2022-2906-cve-2022-3080-cve-2022-381/
ubuntu	www.ubuntu.com/security/notices/USN-5626-1
openwall	www.openwall.com/lists/oss-security/2022/09/21/3
kb	www.kb.isc.org/docs/cve-2022-38178
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
debian	www.debian.org/security/2022/dsa-5235
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-38178

12 Sep 2024 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 37.5

CVSS 27.8

EPSS0.01256

dns security extensions bind servers eddsa signature remote denial service signature verification flaw