CVE-2022-38178
published 2022-09-21CVE-2022-38178: By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Affected
51 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | bind9 | < bind9 1:9.18.7-1 (bookworm) | bind9 1:9.18.7-1 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | 9.10.7 – 9.10.8 | — |
| isc | bind | 9.11.3 – 9.16.32 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH