CVE-2022-3080

CVE-2022-3080 affects ISC BIND: a DoS in named where a resolver can crash after receiving specially crafted queries when stale-cache/stale-answers options are used (zero stale-answer-timeout with a stale CNAME). Public advisories (IBM AIX, ALMAS/AlmaLinux, Cloud Foundry, Debian/Ubuntu notes) desc...

CVE-2022-3080 BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly

By sending specific queries to the resolver, an attacker can cause named to crash...

CVE-2022-3080 BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly

By sending specific queries to the resolver, an attacker can cause named to crash...

CVE-2022-38178

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

CVE-2022-38178

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

CVE-2022-3080

By sending specific queries to the resolver, an attacker can cause named to crash...

CVE-2022-38177

CVE-2022-38177 is a memory-leak vulnerability in ISC BIND's DNSSEC code (ECDSA) that can allow a remote attacker spoofing responses to exhaust memory and crash named. Affected BIND versions prior to patched releases are prone; remediation is to upgrade to patched builds (e.g., BIND 9.16.33-1 or n...

CVE-2022-38177

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

CVE-2022-2795

CVE-2022-2795 is a DNS resolver vulnerability in BIND where flooding the resolver with specific queries can cause a denial of service by severely degrading resolver performance. The issue is associated with the BIND 9 series (notably 9.16.x, 9.18.x, and 9.19.x branches in various advisories) and ...

CVE-2022-2795 Processing large delegations may severely degrade resolver performance

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...

CVE-2022-2795 Processing large delegations may severely degrade resolver performance

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...

CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...

CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...

CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...

CVE-2022-3080

By sending specific queries to the resolver, an attacker can cause named to crash...

CVE-2022-38178

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...

ISC BIND 资源管理错误漏洞

ISC BIND is the United States ISC company's set of open source software that implements the DNS protocol. ISC BIND suffers from a denial-of-service vulnerability that stems from a flaw in the resolver code that could cause naming to take an inordinate amount of time to process large delegates,...

ISC BIND 数据伪造问题漏洞

ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in BIND that originates from the use of a misformatted EdDSA signature that spoofs the target resolver, causing memory to crash due to insufficient resources. The...

UBUNTU-CVE-2022-38177

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...