PT-2022-4907 · Openssl+5
Published: 2022-08-18 · Updated: 2024-06-15 · CVE-2022-2906
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
BIND versions prior to the fixed version
Description
The issue allows an attacker to gradually erode available memory, potentially causing the named service to crash due to lack of resources. Upon restart, the attacker would have to begin again, but there is still the potential to deny service. This can be exploited by a remote attacker to cause a denial of service. The vulnerability is related to a memory leak when handling TKEY records using the Diffie-Hellman key exchange algorithm with OpenSSL 3.0.0 and later versions.
Recommendations
For BIND versions prior to the fixed version, consider applying a patch or update to resolve the issue. As a temporary workaround, restrict access to the TKEY records handling functionality to minimize the risk of exploitation. Additionally, monitor system resources to quickly detect and respond to potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
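The recommendation to monitor system resources can be implemented as a trend check on the resident memory of the named process, where a restart (new PID) begins a fresh series, matching the description's note that the leak starts over after a restart. This is an added example, not part of the original advisory; the sample data, PIDs, thresholds and function names are constructed assumptions.

```python
# Constructed samples: (unix_time_s, pid, rss_kib), one reading per minute.
SAMPLES = (
    [(60 * i, 4101, 150_000 + 2_000 * i) for i in range(10)]          # steady growth
    + [(600 + 60 * i, 4188, 90_000 + 2_100 * i) for i in range(3)]   # after a restart
)

def read_rss_kib(pid):
    """Collector for live use: resident set size from /proc (Linux only)."""
    with open(f"/proc/{pid}/status") as fh:
        for line in fh:
            if line.startswith("VmRSS:"):
                return int(line.split()[1])
    raise RuntimeError("VmRSS not found")

def slope(xs, ys):
    """Least-squares slope of ys over xs; 0.0 if all xs are identical."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    den = sum((x - mx) ** 2 for x in xs)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / den if den else 0.0

def leak_alerts(samples, min_points=6, min_kib_per_min=500.0, limit_kib=None):
    """Flag PIDs whose RSS rises steadily; each PID is analysed separately."""
    by_pid = {}
    for ts, pid, rss in sorted(samples):
        by_pid.setdefault(pid, []).append((ts, rss))
    alerts = []
    for pid, run in by_pid.items():
        if len(run) < min_points:
            continue  # too little history since the last restart
        xs = [ts / 60 for ts, _ in run]
        ys = [rss for _, rss in run]
        rate = slope(xs, ys)
        rising = sum(b >= a for a, b in zip(ys, ys[1:])) / max(len(ys) - 1, 1)
        if rate >= min_kib_per_min and rising >= 0.8:
            eta = (limit_kib - ys[-1]) / rate if limit_kib else None
            alerts.append({"pid": pid, "kib_per_min": round(rate, 1),
                           "minutes_to_limit": None if eta is None else round(eta)})
    return alerts

if __name__ == "__main__":
    print(leak_alerts(SAMPLES, limit_kib=1_000_000))
```

Requiring both a minimum slope and a mostly non-decreasing series keeps normal cache growth and one-off spikes from raising alerts; the thresholds need tuning against a baseline of the server's usual memory profile.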
Memory Leak
Affected Products
Bind
Bind Server
Linuxmint
Openssl
Red Os
Ubuntu