Описание
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| bind9 | fixed | 1:9.18.7-1 | package | |
| bind9 | not-affected | bullseye | package | |
| bind9 | not-affected | buster | package |
Примечания
https://kb.isc.org/docs/cve-2022-2906
Introduced after: https://gitlab.isc.org/isc-projects/bind9/-/commit/e18777c7582d54d227714882e9e79746ce48e002 (v9_17_20)
Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/73df5c80538970ee1fbc4fe3348109bdc281e197 (v9_18_7)
EPSS
Связанные уязвимости
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
Уязвимость реализации алгоритма Диффи-Хеллмана сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании
EPSS