744 matches found

OSV
added 2023/01/26 9:15 p.m. | 2 views

DEBIAN-CVE-2022-3736

BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and...

CVSS 7.5 | AI score 6.9 | EPSS 0.02526
Exploits: 0 | References: 1

OSV
added 2023/01/26 9:15 p.m. | 3 views

ALPINE-CVE-2022-3736

BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and...

CVSS 7.5 | AI score 6.9 | EPSS 0.02526
Exploits: 0 | References: 1

OSV
added 2023/01/26 9:15 p.m. | 4 views

AZL-13203 CVE-2022-3736 affecting package bind for versions less than 9.16.37-2

BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and...

CVSS 7.5 | AI score 7.3 | EPSS 0.02526
Exploits: 0 | References: 1

Tenable Nessus
added 2023/01/26 12:00 a.m. | 44 views

ISC BIND 9.16.12 < 9.16.37 / 9.16.12-S1 < 9.16.37-S1 / 9.18.0 < 9.18.11 / 9.19.0 < 9.19.9 Assertion Failure (cve-2022-3924)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2022-3924 advisory. - This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option...

CVSS 7.5 | AI score 7.7 | EPSS 0.0283
Exploits: 0 | References: 2

Debian CVE
added 2023/01/25 9:39 p.m. | 38 views

CVE-2022-3924

This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...

CVSS 7.5 | AI score 7.7 | EPSS 0.0283
Exploits: 0

AlpineLinux
added 2023/01/25 9:39 p.m. | 74 views

CVE-2022-3924

This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...

CVSS 7.5 | AI score 7.6 | EPSS 0.0283
Exploits: 0

CVE
added 2023/01/25 9:39 p.m. | 589 views

CVE-2022-3924

CVE-2022-3924 is a vulnerability in ISC BIND where stale-answer-client-timeout (enabled with a positive value) can cause a race between returning a stale answer and an early SERVFAIL, potentially triggering an assertion failure and DoS. Affected are BIND 9.16.12–9.16.36, 9.18.0–9.18.10, 9.19.0–9....

CVSS 7.5 | AI score 7.5 | EPSS 0.0283
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2023/01/25 12:00 a.m. | 1 view

UBUNTU-CVE-2022-3924

This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...

CVSS 7.5 | AI score 7.1 | EPSS 0.0283
Exploits: 0 | References: 4

CNNVD
added 2023/01/25 12:00 a.m. | 1 view

ISC BIND Security Vulnerability

ISC BIND is a suite of open source software that implements the DNS protocol from the American company ISC. A security vulnerability exists in BIND versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, and 9.19.0 through 9.19.8, which arises from the fact that when stale caching and stale...

CVSS 7.5 | AI score 7.6 | EPSS 0.02526
Exploits: 0 | References: 4

Code423n4
added 2023/01/25 12:00 a.m. | 7 views

Upgraded Q -> M from #472 [1674665995647]

Judge has assessed an item in Issue 472 as M risk. The relevant finding follows: L-01 CHAINLINK AGGREGATOR IS NOT SUFFICIENTLY VALIDATED AND CAN RETURN STALE ANSWER As shown below, calling the getAssetPrice function in the ParaSpaceOracle contract can execute price = uint256source.latestAnswer,...

AI score 7
Exploits: 0

Positive Technologies
added 2023/01/24 12:00 a.m. | 3 views

PT-2023-1380 · Answer · Answer

Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.4 Description: The issue is related to improper access control in the password reset procedure of the answer knowledge sharing service. This can allow a remote attacker to gain unauthorized access to...

CVSS 10 | AI score 9.7 | EPSS 0.08519
Exploits: 4 | References: 15

IBM Security Bulletins
added 2023/01/09 6:12 p.m. | 57 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.9 and earlier

Summary This fix upgrades to socket.io 4.5.4, protobuf-java 3.21.9 and nodejs 14.21.1. Vulnerability Details CVEID:CVE-2022-41940 DESCRIPTION: Socket.IO Engine.IO is vulnerable to a denial of service, caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote...

CVSS 10 | AI score 8.1 | EPSS 0.01608
Exploits: 1 | Affected Software: 1

Code423n4
added 2022/11/13 12:00 a.m. | 16 views

Unsafe ERC20 operations due to lack of contract length check

Lines of code Vulnerability details Impact Functions executeERC20DirectTransfer and executeERC20TransferFrom replicates solmate libraries methods. The problem with this is that these functions does not check existence of code at the token address. If executeERC20DirectTransferand...

AI score 7.2
Exploits: 0

IBM Security Bulletins
added 2022/10/27 3:18 p.m. | 44 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.8 and earlier

Summary This fix upgrades to Websphere Liberty 22.0.0.10, NodeJs 14.20.1, Jackson 2.14.0-rc1, Protobuf 3.16.3, Apache commons-text 1.10.0 Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header field...

CVSS 9.8 | AI score 9.1 | EPSS 0.94251
Exploits: 46 | Affected Software: 1

BDU FSTEC
added 2022/10/06 12:00 a.m. | 0 views

The vulnerability of the DNS BIND server, related to insufficient validation of input data, allows attackers to execute DoS attacks.

The vulnerability of the DNS BIND server is related to insufficient validation of input data when processing the stale-answer-client-timeout parameter with a default value of 0, and the use of the CNAME record type in the cache for incoming requests. Exploiting this vulnerability allows an attack...

CVSS 7.8 | EPSS 0.00859
Exploits: 0 | References: 14 | Affected Software: 6

Redos
added 2022/09/29 12:00 a.m. | 64 views

ROS-20220929-01

BIND DNS server vulnerability is related to boundary conditions when reusing HTTP connection when requesting statistics from a statistics channel. Exploitation of the vulnerability could allow an attacker, acting remotely, using a managed DNS server to cause a read error outside the boundary...

CVSS 8.2 | AI score 7.2 | EPSS 0.01256
Exploits: 0

Microsoft CVE
added 2022/09/24 7:00 a.m. | 2 views

BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly

...

CVSS 7.5 | AI score 7.8 | EPSS 0.00136
Exploits: 0

CNNVD
added 2022/09/21 12:00 a.m. | 1 view

ISC BIND Injection Vulnerability

ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in ISC BIND versions prior to 9.16.33, 9.18.x prior to 9.18.7, and 9.19.x prior to 9.19.5, which stems from the fact that when stale caching and stale answers are...

CVSS 7.5 | AI score 7.4 | EPSS 0.00136
Exploits: 0 | References: 15

Code423n4
added 2022/08/17 12:00 a.m. | 12 views

Chainlink oracle data feed is not further validated and can return stale answer

Lines of code Vulnerability details Impact Although the protocol recognizes that Chainlink oracles can provide outdated answers, using stale answers without further validation might not be a good practice. Moreover, in the updateExchangeRate function, where the latestRoundData method is used, the...

AI score 6.8
Exploits: 0

OSV
added 2022/07/22 3:39 p.m. | 2 views

SUSE-SU-2022:2533-2 Security update for mozilla-nss

This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. bsc1192079. - FIPS: Add on-demand integrity tests through sftkFIPSRepeatIntegrityCheck...

CVSS 8.8 | AI score 9.8 | EPSS 0.0031
Exploits: 0 | References: 9