CVE-2022-2906

CWE-401 Memory Leak | 8 documents | 7 sources
Severity: 7.5 HIGH
EPSS: 0.9% (top 25.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 21
Latest update: Sep 22

Description

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: isc/bind, 9.18.0, 9.18.7, +1
Debian: bind9, < 1:9.18.7-1, +2
CVEListV5: isc/bind9, Development Branch 9.19 9.19.0 through versions before 9.19.5, Open Source Branch 9.18 9.18.0 through versions before 9.18.7, +1

Vulnerability Details (4)

GHSA: GHSA-pqxc-54m5-8r8m: An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources (2022-09-22)
CVEList: Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only) (2022-09-21)
OSV: CVE-2022-2906: An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources (2022-09-21)
OSV: bind9 vulnerabilities (2022-09-21)

Vendor Advisories (3)

Ubuntu: Bind vulnerabilities (2022-09-21)
Red Hat: bind: memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (2022-09-21)
Debian: CVE-2022-2906: bind9 - An attacker can leverage this flaw to gradually erode available memory to the po... (2022)