Mageia: 2022-0388 Moderate: Bind Memory Leak DoS Issues
mageia
October 23, 2022
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to ...
Summary
By flooding the target resolver with queries exploiting this flaw an
attacker can significantly impair the resolver's performance,
effectively denying legitimate clients access to the DNS resolution
service. (CVE-2022-2795)
By spoofing the target resolver with responses that have a malformed ECDSA
signature, an attacker can trigger a small memory leak. It is possible to
gradually erode available memory to the point where named crashes for lack
of resources. (CVE-2022-38177, CVE-2022-38178)
References
- https://bugs.mageia.org/show_bug.cgi?id=30877
- https://kb.isc.org/docs/cve-2022-2795
- https://kb.isc.org/docs/cve-2022-38177
- https://kb.isc.org/docs/cve-2022-38178
-
- https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html
- https://www.cve.org/CVERecord?id=CVE-2022-2795
- https://www.cve.org/CVERecord?id=CVE-2022-38177
- https://www.cve.org/CVERecord?id=CVE-2022-38178
Topics Covered
Resolution
SRPMS
- 8/core/bind-9.11.37-1.1.mga8
PREVIOUS
NEXT
Publication date: 23 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0388.html
Type: security
CVE: CVE-2022-2795,
CVE-2022-38177,
CVE-2022-38178
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!