MiracleLinux 9 : bind-9.16.23-1.el9.1 (AXSA:2022-4081:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4081:05 advisory. bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly CVE-2022-3080 bind: memory leak in...

ISC BIND 9 Vulnerable to Denial-of-Service (DoS) via Memory Leaks in EdDSA DNSSEC Verification (CVE-2022-38178)

BIND 9 is vulnerable to a denial-of-service DoS issue due to the presence of a memory leak flaw in the DNSSEC verification code for the EdDSA algorithm that can occur when there is a signature length mismatch. An attacker could spoof the target resolver with responses that have malformed EdDSA...

Scientific Linux Security Update : bind on SL7.x i686/x86_64 (2022:6765)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:6765-1 advisory. - bind: memory leak in ECDSA DNSSEC verification code CVE-2022-38177 - bind: memory leaks in EdDSA DNSSEC verification code CVE-2022-38178 Note...

RHEL 8 : bind (RHSA-2022:6778)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6778 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

bind: memory leaks in EdDSA DNSSEC verification code

A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...