Lucene search

K
nvd[email protected]NVD:CVE-2022-38177
HistorySep 21, 2022 - 11:15 a.m.

CVE-2022-38177

2022-09-2111:15:09
CWE-401
web.nvd.nist.gov
7
vulnerability
target resolver
memory exhaustion
ecdsa signature

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

66.2%

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Affected configurations

Nvd
Node
iscbindRange9.8.49.16.32-
OR
iscbindMatch9.9.3s1supported_preview
OR
iscbindMatch9.9.3s1supported_preview
OR
iscbindMatch9.9.12s1supported_preview
OR
iscbindMatch9.9.13s1supported_preview
OR
iscbindMatch9.10.5s1supported_preview
OR
iscbindMatch9.10.7s1supported_preview
OR
iscbindMatch9.11.3s1supported_preview
OR
iscbindMatch9.11.5s3supported_preview
OR
iscbindMatch9.11.5s3supported_preview
OR
iscbindMatch9.11.5s5supported_preview
OR
iscbindMatch9.11.5s6supported_preview
OR
iscbindMatch9.11.6s1supported_preview
OR
iscbindMatch9.11.7s1supported_preview
OR
iscbindMatch9.11.8s1supported_preview
OR
iscbindMatch9.11.12s1supported_preview
OR
iscbindMatch9.11.14-s1preview
OR
iscbindMatch9.11.19-s1preview
OR
iscbindMatch9.11.21s1supported_preview
OR
iscbindMatch9.11.27s1supported_preview
OR
iscbindMatch9.11.29s1supported_preview
OR
iscbindMatch9.11.35s1supported_preview
OR
iscbindMatch9.11.37s1supported_preview
OR
iscbindMatch9.16.8s1supported_preview
OR
iscbindMatch9.16.11s1supported_preview
OR
iscbindMatch9.16.13s1supported_preview
OR
iscbindMatch9.16.21s1supported_preview
OR
iscbindMatch9.16.32s1supported_preview
Node
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
Node
fedoraprojectfedoraMatch35
OR
fedoraprojectfedoraMatch36
OR
fedoraprojectfedoraMatch37
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
VendorProductVersionCPE
iscbind*cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
iscbind9.9.3cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*
iscbind9.9.3cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*
iscbind9.9.12cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:*
iscbind9.9.13cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:*
iscbind9.10.5cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*
iscbind9.10.7cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*
iscbind9.11.3cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*
iscbind9.11.5cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*
iscbind9.11.5cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*
Rows per page:
1-10 of 341

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

66.2%