Ubuntu.comUB:CVE-2022-38177CVE-2022-38177
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
59.2%
By spoofing the target resolver with responses that have a malformed ECDSA
signature, an attacker can trigger a small memory leak. It is possible to
gradually erode available memory to the point where named crashes for lack
of resources.
Notes
| Author | Note |
|---|---|
| alexmurray | As of isc-dhcp-4.4.3-1, isc-dhcp vendors bind9 libs |
| mdeslaur | affects 9.8.4 -> 9.16.32 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | bind9 | < 1:9.11.3+dfsg-1ubuntu1.18 | UNKNOWN |
| ubuntu | 20.04 | noarch | bind9 | < 1:9.16.1-0ubuntu2.11 | UNKNOWN |
| ubuntu | 14.04 | noarch | bind9 | < 1:9.9.5.dfsg-3ubuntu0.19+esm7) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
| ubuntu | 16.04 | noarch | bind9 | < 1:9.10.3.dfsg.P4-8ubuntu1.19+esm3) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
59.2%