CVE-2022-38178

2022-09-2100:00:00

ubuntu.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

72.3%

JSON

By spoofing the target resolver with responses that have a malformed EdDSA
signature, an attacker can trigger a small memory leak. It is possible to
gradually erode available memory to the point where named crashes for lack
of resources.

Notes

Author	Note
alexmurray	As of isc-dhcp-4.4.3-1, isc-dhcp vendors bind9 libs
leosilva	versions affected: 9.9.12 - 9.9.13, 9.10.7 - 9.10.8, 9.18.0 - 9.18.6, 9.19.0 - 9.19.4.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchbind9< 1:9.11.3+dfsg-1ubuntu1.18UNKNOWN
ubuntu20.04noarchbind9< 1:9.16.1-0ubuntu2.11UNKNOWN
ubuntu22.04noarchbind9< 1:9.18.1-1ubuntu1.2UNKNOWN
ubuntu22.10noarchbind9< 1:9.18.4-2ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	bind9	< 1:9.11.3+dfsg-1ubuntu1.18	UNKNOWN
ubuntu	20.04	noarch	bind9	< 1:9.16.1-0ubuntu2.11	UNKNOWN
ubuntu	22.04	noarch	bind9	< 1:9.18.1-1ubuntu1.2	UNKNOWN
ubuntu	22.10	noarch	bind9	< 1:9.18.4-2ubuntu2	UNKNOWN