Page 3 of 53 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

By sending specific queries to the resolver, an attacker can cause named to crash. Mediante el envío de consultas específicas al resolver, un atacante puede causar la caída de named A flaw was found in the Bind package, where the resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query. By sending specific queries to the resolver, an attacker can cause named to crash. • http://www.openwall.com/lists/oss-security/2022/09/21/3 https://kb.isc.org/docs/cve-2022-3080 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S https://security.gentoo.org/glsa/202210-25 https://securi • CWE-20: Improper Input Validation CWE-613: Insufficient Session Expiration •

CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. Al falsificar el resolver objetivo con respuestas que presentan una firma EdDSA malformada, un atacante puede desencadenar una pequeña pérdida de memoria. Es posible erosionar gradualmente la memoria disponible hasta el punto de que named sea bloqueado por falta de recursos A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program. • http://www.openwall.com/lists/oss-security/2022/09/21/3 https://kb.isc.org/docs/cve-2022-38178 https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. Al falsificar el resolver objetivo con respuestas que presentan una firma ECDSA malformada, un atacante puede desencadenar una pequeña pérdida de memoria. Es posible erosionar gradualmente la memoria disponible hasta el punto de que named sea bloqueado por falta de recursos A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program. • http://www.openwall.com/lists/oss-security/2022/09/21/3 https://kb.isc.org/docs/cve-2022-38177 https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service. Un atacante puede aprovechar este fallo para erosionar gradualmente la memoria disponible hasta el punto de que named sea bloqueado por falta de recursos. Al reiniciar, el atacante tendría que empezar de nuevo, pero sin embargo se presenta la posibilidad de denegar el servicio • http://www.openwall.com/lists/oss-security/2022/09/21/3 https://kb.isc.org/docs/cve-2022-2906 https://security.gentoo.org/glsa/202210-25 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0

The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. Un fallo subyacente podría causar que sea leído más allá del final del buffer y que sea leída memoria que no debería leer, o que bloqueará el proceso • http://www.openwall.com/lists/oss-security/2022/09/21/3 https://kb.isc.org/docs/cve-2022-2881 https://security.gentoo.org/glsa/202210-25 • CWE-125: Out-of-bounds Read •