PT-2022-4936 · ISC · BIND
Published 2022-09-14 · Updated 2026-01-16 · CVE-2022-38177
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
BIND 9.8.4 through 9.16.32, 9.18.0 through 9.18.6, 9.19.0 through 9.19.4, and BIND Supported Preview Edition 9.9.3-S1 through 9.16.32-S1 (ranges as published in the ISC advisory). Distribution packages may carry a backported fix under an older upstream version number, so the package version, not just the upstream version, determines exposure.
Description
The DNSSEC validation code for the ECDSA algorithm leaks a small amount of memory each time it processes a malformed ECDSA signature. By spoofing the target resolver with responses that carry such a signature, an attacker can trigger the leak repeatedly and gradually erode available memory until named crashes for lack of resources. The result is a remote denial of service against recursive resolvers that perform DNSSEC validation; no authentication is required, and confidentiality and integrity are not affected, which is why the CVSS vector scores only availability (A:C).
Recommendations
Upgrade to BIND 9.16.33, 9.18.7 or 9.19.5 (or a later release of the same branch), the fixed releases published by ISC, or to a distribution package that backports the fix. Branches older than 9.16 were end of life at the time of the advisory and received no fix.
ISC lists no workaround. Limiting recursion to trusted clients (allow-recursion) reduces who can make the resolver look up attacker-chosen names but does not close the leak, and disabling DNSSEC validation trades this denial of service for cache-poisoning exposure, so neither is a substitute for the upgrade.
Until the upgrade is applied, watch the resident memory of named for steady growth; a monotonically rising RSS under ordinary query load is the observable symptom of this leak.
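The following script is an added example for this entry, not code from ISC or from the advisory page: it parses the version banner that `named -v` prints and checks it against the affected and fixed version numbers ISC published for CVE-2022-38177. The ranges and fixed releases are taken from the ISC advisory; the sample banners, the `assess()` helper and the heuristic that treats any extra suffix after the version as a distribution build are assumptions made for the example.

```python
"""
Check a BIND version banner (the first line of `named -v`) against the
version ranges ISC published for CVE-2022-38177 (ECDSA DNSSEC memory leak).

Constructed example for this advisory entry; not ISC code. The sample
banners below are constructed for illustration.
"""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive affected ranges from the ISC advisory. The Supported Preview
# Edition range (9.9.3-S1 -> 9.16.32-S1) falls inside the first range once
# the -S suffix is ignored.
AFFECTED_RANGES = [
    ((9, 8, 4), (9, 16, 32)),
    ((9, 18, 0), (9, 18, 6)),
    ((9, 19, 0), (9, 19, 4)),
]

# First release of each maintained branch that contains the fix.
FIXED_VERSIONS = {
    (9, 16): (9, 16, 33),
    (9, 18): (9, 18, 7),
    (9, 19): (9, 19, 5),
}

# Matches e.g. "BIND 9.16.30-S1 (Supported Preview Version) <id:...>" and
# "BIND 9.11.4-P2". -S (preview) and -P (patch) suffixes are ISC's own.
VERSION_RE = re.compile(r"\bBIND\s+(\d+)\.(\d+)\.(\d+)(?:-[SP]\d+)*")
# Any other text glued onto the version ("-0ubuntu0.22.04.1-Ubuntu",
# "-RedHat-9.11.36-8.el8") marks a distribution build (assumed heuristic).
DISTRO_RE = re.compile(r"\bBIND\s+\d+\.\d+\.\d+(?:-[SP]\d+)*-(?![SP]\d)\S+")


def parse_named_version(banner: str) -> Optional[Version]:
    """Return (major, minor, patch) from a named banner, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_upstream_affected(version: Version) -> bool:
    """True if the upstream version number lies in an ISC-listed range."""
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def recommended_fix(version: Version) -> Optional[Version]:
    """Fixed release for the version's branch; None if not affected."""
    if not is_upstream_affected(version):
        return None
    # Branches older than 9.16 were end of life and got no fix; 9.16.33 was
    # the oldest fixed release, so that is the minimum upgrade target.
    return FIXED_VERSIONS.get(version[:2], FIXED_VERSIONS[(9, 16)])


def assess(banner: str) -> dict:
    """Summarise exposure for one banner line."""
    version = parse_named_version(banner)
    if version is None:
        return {"version": None, "affected": None, "fix": None, "distro_build": False}
    return {
        "version": version,
        "affected": is_upstream_affected(version),
        "fix": recommended_fix(version),
        # Distribution builds often backport the fix without bumping the
        # upstream version, so "affected" means "affected by upstream version
        # number": confirm against the distribution's own advisory.
        "distro_build": DISTRO_RE.search(banner) is not None,
    }


# Constructed sample banners (not captured from real systems).
SAMPLE_BANNERS = [
    "BIND 9.16.32 (Extended Support Version) <id:example>",
    "BIND 9.18.4-0ubuntu0.22.04.1-Ubuntu (Extended Support Version) <id:>",
    "BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7 (Extended Support Version)",
    "BIND 9.18.7 (Extended Support Version) <id:example>",
]


def local_banner() -> Optional[str]:
    """Banner of the locally installed named, if any."""
    try:
        out = subprocess.run(["named", "-v"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    return out.stdout.splitlines()[0] if out.stdout else None


if __name__ == "__main__":
    banners = [b for b in [local_banner()] if b] or SAMPLE_BANNERS
    for b in banners:
        r = assess(b)
        print(f"{b}\n  version={r['version']} affected={r['affected']} "
              f"fix={r['fix']} distro_build={r['distro_build']}")
```

A `distro_build` of True with `affected` True means only that the upstream number is in range; check the vendor advisory (for example the Ubuntu, Red Hat or SUSE entries listed under Affected Products) before concluding the host is exposed.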
Exploit
DoS
Improper Verification of Cryptographic Signature
Memory Leak
Affected Products
Alt Linux
Almalinux
Astra Linux
Bind
Bind Server
Centos
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu