CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2906 – Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only)
https://notcve.org/view.php?id=CVE-2022-2906
21 Sep 2022 — An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service. Un atacante puede aprovechar este fallo para erosionar gradualmente la memoria disponible hasta el punto de que named sea bloqueado por falta de recursos. Al reiniciar, el atacante tendría que empezar de nuevo, pero sin embargo se presenta la posibilidad de denegar el servic... • http://www.openwall.com/lists/oss-security/2022/09/21/3 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 35EXPL: 0CVE-2022-2795 – Processing large delegations may severely degrade resolver performance
https://notcve.org/view.php?id=CVE-2022-2795
21 Sep 2022 — By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. Al inundar el resolvedor de destino con consultas que explotan este fallo, un atacante puede perjudicar significativamente el rendimiento del resolvedor, negando efectivamente a los clientes legítimos el acceso al servicio de resolución DNS A flaw was found in bind. When flooding the target resolver wit... • http://www.openwall.com/lists/oss-security/2022/09/21/3 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0CVE-2022-38177 – Memory leak in ECDSA DNSSEC verification code
https://notcve.org/view.php?id=CVE-2022-38177
21 Sep 2022 — By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. Al falsificar el resolver objetivo con respuestas que presentan una firma ECDSA malformada, un atacante puede desencadenar una pequeña pérdida de memoria. Es posible erosionar gradualmente la memoria disponible hasta el punto de que named sea bloqueado por falta de recursos... • http://www.openwall.com/lists/oss-security/2022/09/21/3 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2022-38178 – Memory leaks in EdDSA DNSSEC verification code
https://notcve.org/view.php?id=CVE-2022-38178
21 Sep 2022 — By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. Al falsificar el resolver objetivo con respuestas que presentan una firma EdDSA malformada, un atacante puede desencadenar una pequeña pérdida de memoria. Es posible erosionar gradualmente la memoria disponible hasta el punto de que named sea bloqueado por falta de recursos... • http://www.openwall.com/lists/oss-security/2022/09/21/3 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-3080 – BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly
https://notcve.org/view.php?id=CVE-2022-3080
21 Sep 2022 — By sending specific queries to the resolver, an attacker can cause named to crash. Mediante el envío de consultas específicas al resolver, un atacante puede causar la caída de named A flaw was found in the Bind package, where the resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query. By sending specific queries to the resolver, an attacker can cause named to crash. Yehuda Afek, Anat Brem... • http://www.openwall.com/lists/oss-security/2022/09/21/3 • CWE-20: Improper Input Validation CWE-613: Insufficient Session Expiration •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2881 – Buffer overread in statistics channel code
https://notcve.org/view.php?id=CVE-2022-2881
21 Sep 2022 — The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. Un fallo subyacente podría causar que sea leído más allá del final del buffer y que sea leída memoria que no debería leer, o que bloqueará el proceso Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service. It was discovered that B... • http://www.openwall.com/lists/oss-security/2022/09/21/3 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-1183 – Destroying a TLS session early causes assertion failure
https://notcve.org/view.php?id=CVE-2022-1183
19 May 2022 — On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch. En configuraciones vulnerables, el demonio nombrado puede, en algunas circun... • https://kb.isc.org/docs/cve-2022-1183 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-0635
https://notcve.org/view.php?id=CVE-2022-0635
23 Mar 2022 — Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. Versiones afectadas: BIND 9.18.0, Cuando una versión vulnerable de named recibe una serie de consultas específicas, el proceso de named terminará eventualmente debido a una comprobación de aserción fallida • https://kb.isc.org/v1/docs/cve-2022-0635 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-0667 – Assertion failure on delayed DS lookup
https://notcve.org/view.php?id=CVE-2022-0667
22 Mar 2022 — When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 Cuando es desencadenada la vulnerabilidad, el proceso BIND saldrá. BIND versión 9.18.0 • https://kb.isc.org/v1/docs/cve-2022-0667 • CWE-617: Reachable Assertion •
CVSS: 5.3EPSS: 0%CPEs: 25EXPL: 0CVE-2022-0396 – DoS from specifically crafted TCP packets
https://notcve.org/view.php?id=CVE-2022-0396
17 Mar 2022 — BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. BIND versiones 9.16.11 posteriores a 9.16.26, versiones 9.17.0 posteriores a 9.18.0 y versiones 9.16.11-S1 posteriores a 9.16.26-S1 de BIND Supported Preview Edition. Los flujos TCP específicamente diseñados pued... • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf • CWE-404: Improper Resource Shutdown or Release CWE-459: Incomplete Cleanup •