Lucene search
IscCVELIST:CVE-2022-2906HistorySep 21, 2022 - 10:15 a.m.
CVE-2022-2906 Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only)
2022-09-2110:15:27
isc
www.cve.org
5
cve-2022-2906
memory leaks
openssl 3.0.0+
diffie-hellman
deny service
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.001
Percentile
47.5%
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
CNA Affected
[
{
"vendor": "ISC",
"product": "BIND9",
"versions": [
{
"version": "Open Source Branch 9.18 9.18.0 through versions before 9.18.7",
"status": "affected"
},
{
"version": "Development Branch 9.19 9.19.0 through versions before 9.19.5",
"status": "affected"
}
]
}
]Related
openvas
openvas
ISC BIND DoS Vulnerability (CVE-2022-2906) - Linux
2022-09-23 00:00:00
ISC BIND DoS Vulnerability (CVE-2022-2906) - Windows
2022-09-23 00:00:00
Ubuntu: Security Advisory (USN-5626-1)
2022-09-22 00:00:00
prion
prion
Code injection
2022-09-21 11:15:00
nessus
nessus
ISC BIND 9.18.0 < 9.18.7 / 9.19.0 < 9.19.5 Memory Exhaustion (cve-2022-2906)
2022-09-22 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Bind vulnerabilities (USN-5626-1)
2022-09-21 00:00:00
GLSA-202210-25 : ISC BIND: Multiple Vulnerabilities
2022-10-31 00:00:00
f5
f5
K44501040 : BIND vulnerability CVE-2022-2906
2022-10-03 00:00:00
osv
osv
CVE-2022-2906
2022-09-21 11:15:09
CGA-r5cx-vp7m-x957
2024-06-06 12:29:14
bind-9.18.7-1.1 on GA media
2024-06-15 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-09-25 05:19:25
ubuntucve
ubuntucve
CVE-2022-2906
2022-09-21 00:00:00
debiancve
debiancve
CVE-2022-2906
2022-09-21 11:15:09
alpinelinux
alpinelinux
CVE-2022-2906
2022-09-21 11:15:09
redhatcve
redhatcve
CVE-2022-2906
2022-09-21 12:49:01
nvd
nvd
CVE-2022-2906
2022-09-21 11:15:09
cve
cve
CVE-2022-2906
2022-09-21 11:15:09
cisa
cisa
ISC Releases Security Advisories for Multiple Versions of BIND 9
2022-09-22 00:00:00
redos
redos
ROS-20220929-01
2022-09-29 00:00:00
ubuntu
ubuntu
Bind vulnerabilities
2022-09-21 00:00:00
cloudfoundry
cloudfoundry
USN-5626-1: Bind vulnerabilities | Cloud Foundry
2022-10-28 00:00:00
gentoo
gentoo
ISC BIND: Multiple Vulnerabilities
2022-10-31 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.001
Percentile
47.5%
Related for CVELIST:CVE-2022-2906