[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2022-38177Date: (C)2022-09-22   (M)2024-02-07


By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score :
Exploit Score: 3.9Exploit Score:
Impact Score: 3.6Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: NONEAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: NONEAvailability:
Integrity: NONE 
Availability: HIGH 
  
Reference:
DSA-5235
FEDORA-2022-8268735e06
FEDORA-2022-b197d64471
FEDORA-2022-ef038365de
GLSA-202210-25
https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html
http://www.openwall.com/lists/oss-security/2022/09/21/3
https://kb.isc.org/docs/cve-2022-38177
https://security.netapp.com/advisory/ntap-20221228-0010/

CPE    7
cpe:/a:isc:bind:9.16.13:s1:~~supported_preview~~~
cpe:/a:isc:bind:9.11.29:s1:~~supported_preview~~~
cpe:/a:isc:bind:9.11.8:s1:~~supported_preview~~~
cpe:/a:isc:bind:9.9.3:s1:~~supported_preview~~~
...
CWE    1
CWE-401
OVAL    38
oval:org.secpod.oval:def:507181
oval:org.secpod.oval:def:507180
oval:org.secpod.oval:def:507184
oval:org.secpod.oval:def:2107899
...

© SecPod Technologies