CVE-2022-2795

Опубликовано: 21 сент. 2022

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	bind	Out of support scope
Red Hat Enterprise Linux 9	dhcp	Not affected
Red Hat Enterprise Linux 7	bind	Fixed	RHSA-2023:0402	24.01.2023
Red Hat Enterprise Linux 8	bind9.16	Fixed	RHSA-2023:2792	16.05.2023
Red Hat Enterprise Linux 8	bind	Fixed	RHSA-2023:3002	16.05.2023
Red Hat Enterprise Linux 8	bind	Fixed	RHSA-2023:3002	16.05.2023
Red Hat Enterprise Linux 8.6 Extended Update Support	bind	Fixed	RHSA-2024:2720	07.05.2024
Red Hat Enterprise Linux 8.6 Extended Update Support	dhcp	Fixed	RHSA-2024:2720	07.05.2024
Red Hat Enterprise Linux 9	bind	Fixed	RHSA-2023:2261	09.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20->CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=2128584bind: processing large delegations may severely degrade resolver performance

EPSS

Процентиль: 58%

0.00375

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2022-2795

CVSS3: 5.3

ubuntu

почти 3 года назад

CVE-2022-2795

CVSS3: 5.3

nvd

почти 3 года назад

CVE-2022-2795

CVSS3: 5.3

msrc

почти 3 года назад

Описание отсутствует

CVE-2022-2795

CVSS3: 5.3

debian

почти 3 года назад

By flooding the target resolver with queries exploiting this flaw an a ...

GHSA-9mq2-v988-m7mr

CVSS3: 7.5

github

почти 3 года назад

EPSS

Процентиль: 58%

0.00375

Низкий

5.3 Medium

CVSS3