By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2022/09/21/3 | Mailing List Patch Third Party Advisory |
https://kb.isc.org/docs/cve-2022-38177 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/ | |
https://security.gentoo.org/glsa/202210-25 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20221228-0010/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5235 | Third Party Advisory |
History
07 Nov 2023, 03:50
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-401 |
28 Feb 2023, 18:50
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221228-0010/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* | |
First Time | Netapp active Iq Unified Manager, Netapp |
28 Dec 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Nov 2022, 20:44
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202210-25 - Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
31 Oct 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Oct 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
01 Oct 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Sep 2022, 13:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/ - Mailing List, Third Party Advisory | |
First Time | Fedoraproject, Fedoraproject fedora |
27 Sep 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Sep 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Sep 2022, 16:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:* cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.11.19-s1:*:*:*:preview:*:*:* cpe:2.3:a:isc:bind:9.11.37:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.11.29:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:* cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.11.5:s6:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.11.35:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.11.12:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.11.14-s1:*:*:*:preview:*:*:* cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:* cpe:2.3:a:isc:bind:9.11.27:s1:*:*:supported_preview:*:*:* |
|
CVSS | v2 : v3 : | v2 : unknown v3 : 7.5 |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/09/21/3 - Mailing List, Patch, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5235 - Third Party Advisory | |
References | (CONFIRM) https://kb.isc.org/docs/cve-2022-38177 - Patch, Third Party Advisory | |
First Time | Debian, Debian debian Linux, Isc, Isc bind |
CWE | CWE-347 |
23 Sep 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Sep 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Sep 2022, 11:46
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-21 11:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-38177
Mitre link : CVE-2022-38177
CVE.ORG link : CVE-2022-38177
Products Affected
netapp
- active_iq_unified_manager
debian
- debian_linux
fedoraproject
- fedora
isc
- bind
CWE
CWE-401
Missing Release of Memory after Effective Lifetime