CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-3204 – NRDelegation Attack
https://notcve.org/view.php?id=CVE-2022-3204
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. • https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35QGS5FBQTG3DBSK7QV67PA64P24ABHY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3G2HS6CYPSIGAKO6QLEZPG3RD6AMPB7B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4EU6DMJXQFMAIE6SLAH4H5RNRU6VQL https://security.gentoo.org/glsa/202212-02 https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-3296 – Stack-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-3296
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. Desbordamiento del búfer en la región Stack de la memoria en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0577. • https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI https://security.gentoo.org/glsa/202305-16 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-3297 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-3297
Use After Free in GitHub repository vim/vim prior to 9.0.0579. Un Uso de Memoria Previamente liberada en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0579. • https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI https://security.gentoo.org/glsa/202305-16 • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-3278 – NULL Pointer Dereference in vim/vim
https://notcve.org/view.php?id=CVE-2022-3278
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. Una Desreferencia de Puntero NULL en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0552. • https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI https://security.gentoo.org/glsa/202305-16 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-40188
https://notcve.org/view.php?id=CVE-2022-40188
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. Knot Resolver versiones anteriores a 5.5.3, permite a atacantes remotos causar una denegación de servicio (consumo de CPU) debido a una complejidad del algoritmo. Durante un ataque, un servidor autoritativo debe devolver grandes conjuntos de NS o conjuntos de direcciones. • https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558 https://lists.debian.org/debian-lts-announce/2022/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG • CWE-407: Inefficient Algorithmic Complexity •