CVE-2022-2906

Опубликовано: 21 сент. 2022

Источник: redhat

CVSS3: 7.5

Описание

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

A flaw was found in the Bind package, where a flaw in ‘named’ can cause a small memory leak in key processing when using TKEY records in Diffie-Hellman mode with OpenSSL 3.0.0 and later versions. This flaw allows an attacker to gradually erode available memory to the point where ‘named’ crashes due to a lack of resources.

Отчет

This flaw only affects versions BIND-9.18.0 and higher, whereas Red Hat ships BIND-9.16 and lower versions. Therefore, versions of BIND shipped with Red Hat Products are not affected by this flaw.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	bind	Not affected
Red Hat Enterprise Linux 7	bind	Not affected
Red Hat Enterprise Linux 8	bind	Not affected
Red Hat Enterprise Linux 8	bind9.16	Not affected
Red Hat Enterprise Linux 9	bind	Not affected
Red Hat Enterprise Linux 9	dhcp	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-401

https://bugzilla.redhat.com/show_bug.cgi?id=2128598bind: memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-2906

CVSS3: 7.5

ubuntu

около 3 лет назад

CVE-2022-2906

CVSS3: 7.5

nvd

около 3 лет назад

CVE-2022-2906

CVSS3: 7.5

debian

около 3 лет назад

An attacker can leverage this flaw to gradually erode available memory ...

GHSA-pqxc-54m5-8r8m

CVSS3: 7.5

github

около 3 лет назад

BDU:2022-06070

CVSS3: 7.5

fstec

около 3 лет назад

Уязвимость реализации алгоритма Диффи-Хеллмана сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании

7.5 High

CVSS3