CVE-2022-38177

Updated: 2022-11-03 20:40:10.139387

Description:

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.


Severity

| CVSS version | Severity | Score |
|---|---|---|
| 2.x | | 0 |
| 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | bind | 9.8.2 | 7.5 | HIGH | Not Vulnerable | | 2022-09-26 03:10:01 |
| CentOS 8.4 ELS | bind | 9.11.26 | 7.5 | HIGH | Released | CLSA-2022:1664476753 | 2022-09-29 17:02:59 |
| CentOS 8.5 ELS | bind | 9.11.26 | 7.5 | HIGH | Released | CLSA-2022:1664476909 | 2022-09-29 17:02:59 |
| CloudLinux 6 ELS | bind | 9.8.2 | 7.5 | HIGH | Not Vulnerable | | 2022-09-26 03:10:02 |
| Oracle Linux 6 ELS | bind | 9.8.2 | 7.5 | HIGH | Not Vulnerable | | 2022-09-26 03:10:01 |
| Ubuntu 16.04 ELS | bind9 | 9.10.3 | 7.5 | HIGH | Released | CLSA-2022:1664475166 | 2022-09-29 17:02:55 |