CVE-2022-2906

Description

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

ISC / BIND9Open Source Branch 9.18 9.18.0 through versions before 9.18.7 – Open Source Branch 9.18 9.18.0 through versions before 9.18.7
ISC / BIND9Development Branch 9.19 9.19.0 through versions before 9.19.5 – Development Branch 9.19 9.19.0 through versions before 9.19.5

References

MISChttps://kb.isc.org/docs/cve-2022-2906
MAILING_LISThttp://www.openwall.com/lists/oss-security/2022/09/21/3
MISChttps://security.gentoo.org/glsa/202210-25