Description
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High
Affected products
- ISC / BIND9, Open Source Branch 9.9: 9.9.12 through versions up to and including 9.9.13
- ISC / BIND9, Open Source Branch 9.10: 9.10.7 through versions up to and including 9.10.8
- ISC / BIND9, Open Source Branches 9.11 through 9.16: 9.11.3 through versions before 9.16.33
- ISC / BIND9, Open Source Branch 9.18: 9.18.0 through versions before 9.18.7
- ISC / BIND9, Supported Preview Branch 9.11-S: 9.11.4-S1 through versions up to and including 9.11.37-S1
- ISC / BIND9, Supported Preview Branch 9.16-S: 9.16.8-S1 through versions before 9.16.33-S1
- ISC / BIND9, Development Branch 9.19: 9.19.0 through versions before 9.19.5
References
- MISC: https://kb.isc.org/docs/cve-2022-38178
- MAILING_LIST: http://www.openwall.com/lists/oss-security/2022/09/21/3
- VENDOR_ADVISORY: https://www.debian.org/security/2022/dsa-5235
- MAILING_LIST: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
- MAILING_LIST: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
- MAILING_LIST: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
- MAILING_LIST: https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html
- MISC: https://security.gentoo.org/glsa/202210-25
- MISC: https://security.netapp.com/advisory/ntap-20221228-0009/