CVE-2022-2881

CWE-125 — Out-of-bounds Read CWE-126 — Buffer Over-read8 documents7 sources

Severity

8.2HIGH

EPSS

3.3%

top 12.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind ISC Bind9

Timeline

PublishedSep 21

Latest updateSep 22

Description

The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:HExploitability: 1.2 | Impact: 4.2

Affected Packages4 packages

▶NVDisc/bind9.18.0 — 9.18.7+1

▶Debianbind9< 1:9.18.7-1+2

▶Ubuntubind9< 1:9.11.3+dfsg-1ubuntu1.18+2

▶CVEListV5isc/bind9Development Branch 9.19 9.19.0 through versions before 9.19.5, Open Source Branch 9.18 9.18.0 through versions before 9.18.7+1

Patches

Patch: www.openwall.com ↗Patch: kb.isc.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-gjh8-h6gp-pqgr: The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process↗2022-09-22

▶

CVEList

Buffer overread in statistics channel code↗2022-09-21

▶

OSV

bind9 vulnerabilities↗2022-09-21

▶

OSV

CVE-2022-2881: The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process↗2022-09-21

▶

📋Vendor Advisories

Red Hat

bind: buffer overread in statistics channel code↗2022-09-21

▶

Ubuntu

Bind vulnerabilities↗2022-09-21

▶

Debian

CVE-2022-2881: bind9 - The underlying bug might cause read past end of the buffer and either read memor...↗2022

▶