Debian CVE: CVE-2022-2795 / CVE-2022-3080 / CVE-2022-38177 / CVE-2022-38178: bind9: multiple CVEs
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | Medium | Wentao Zhang |
Bug Description
CVE-2022-2795: [https:/
By flooding the target resolver with queries exploiting this flaw, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
CVE-2022-3080: [https:/
By sending specific queries to the resolver, an attacker can cause named to crash.
CVE-2022-38177: [https:/
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
CVE-2022-38178: [https:/
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Score:
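cve_id | status | cvss3Score | av | ac | pr | ui | ai
---|---|---|---|---|---|---|---
CVE-2022-2795 | fixed | 7.5 | N | L | N | N | H
CVE-2022-3080 | fixed | 7.5 | N | L | N | N | H
CVE-2022-38177 | fixed | 7.5 | N | L | N | N | H
CVE-2022-38178 | fixed | 7.5 | N | L | N | N | H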
References:
https:/
['bind9-
CVE References
Changed in starlingx:
status: New → Triaged
screening: stx.8.0 / medium - CVE meets the stx fix criteria