CVE 2022-38178
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Related bugs and status
CVE-2022-38178 (Candidate) is related to these bugs:
Bug #1258003: DiG crashes on +nssearch with +tcp in bind9 9.18
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1258003 | DiG crashes on +nssearch with +tcp in bind9 9.18 | bind9 (Ubuntu) | High | Fix Released | ||
| 1258003 | DiG crashes on +nssearch with +tcp in bind9 9.18 | bind9 (Ubuntu Jammy) | High | Fix Released | ||
| 1258003 | DiG crashes on +nssearch with +tcp in bind9 9.18 | bind9 (Ubuntu Kinetic) | Undecided | Fix Released | ||
Bug #1970252: The `dig` and `host` commands core dump or give incomplete results in Ubuntu 22.04
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1970252 | The `dig` and `host` commands core dump or give incomplete results in Ubuntu 22.04 | bind9 (Ubuntu) | High | Fix Released | ||
| 1970252 | The `dig` and `host` commands core dump or give incomplete results in Ubuntu 22.04 | bind9 (Ubuntu Jammy) | High | Fix Released | ||
| 1970252 | The `dig` and `host` commands core dump or give incomplete results in Ubuntu 22.04 | bind9 (Ubuntu Kinetic) | High | Fix Released | ||
Bug #1993375: Merge bind9 from Debian unstable for l-series
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1993375 | Merge bind9 from Debian unstable for l-series | bind9 (Ubuntu) | Undecided | Fix Released | ||
Bug #1994099: Debian CVE: CVE-2022-2795 / CVE-2022-3080 / CVE-2022-38177 / CVE-2022-38178: bind9: multiple CVEs
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1994099 | Debian CVE: CVE-2022-2795 / CVE-2022-3080 / CVE-2022-38177 / CVE-2022-38178: bind9: multiple CVEs | StarlingX | Medium | Fix Released | ||
Bug #2003584: Add better DEP-8 tests
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2003584 | Add better DEP-8 tests | bind9 (Ubuntu) | Undecided | Fix Released | ||
| 2003584 | Add better DEP-8 tests | bind9 (Ubuntu Kinetic) | Undecided | Fix Released | ||
| 2003584 | Add better DEP-8 tests | bind9 (Ubuntu Focal) | Undecided | New | ||
| 2003584 | Add better DEP-8 tests | bind9 (Ubuntu Jammy) | Undecided | Fix Released | ||
Bug #2003586: MRE Updates 9.18.12 / 9.16.39
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2003586 | MRE Updates 9.18.12 / 9.16.39 | bind9 (Ubuntu) | Undecided | Fix Released | ||
| 2003586 | MRE Updates 9.18.12 / 9.16.39 | bind9 (Ubuntu Kinetic) | Undecided | Fix Released | ||
| 2003586 | MRE Updates 9.18.12 / 9.16.39 | bind9 (Ubuntu Focal) | Undecided | Fix Released | ||
| 2003586 | MRE Updates 9.18.12 / 9.16.39 | bind9 (Ubuntu Jammy) | Undecided | Fix Released | ||
| 2003586 | MRE Updates 9.18.12 / 9.16.39 | bind-dyndb-ldap (Ubuntu) | Undecided | Fix Released | ||
| 2003586 | MRE Updates 9.18.12 / 9.16.39 | bind-dyndb-ldap (Ubuntu Jammy) | Undecided | Fix Released | ||
| 2003586 | MRE Updates 9.18.12 / 9.16.39 | bind-dyndb-ldap (Ubuntu Kinetic) | Undecided | Fix Released | ||
Bug #2006972: bind9 can't load preinstalled plugins
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2006972 | bind9 can't load preinstalled plugins | bind9 (Ubuntu) | Undecided | Fix Released | ||
| 2006972 | bind9 can't load preinstalled plugins | bind9 (Ubuntu Jammy) | Undecided | Fix Released | ||
| 2006972 | bind9 can't load preinstalled plugins | bind9 (Ubuntu Lunar) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
