Lucene search
Gentoo FoundationMGASA-2022-0388HistoryOct 24, 2022 - 1:48 a.m.
Updated bind packages fix security vulnerability
2022-10-2401:48:35
Gentoo Foundation
advisories.mageia.org
31
bind
packages
security
vulnerability
resolver
performance
dns
spoofing
ecdsa
memory leak
cve-2022-2795
cve-2022-38177
cve-2022-38178
unix
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.005
Percentile
75.2%
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver’s performance, effectively denying legitimate clients access to the DNS resolution service. (CVE-2022-2795) By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. (CVE-2022-38177, CVE-2022-38178)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 8 | noarch | bind | < 9.11.37-1.1 | bind-9.11.37-1.1.mga8 |
Related
openvas
openvas
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2022-2788)
2022-12-09 00:00:00
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2022-2838)
2022-12-22 00:00:00
Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2023-2580)
2023-08-08 00:00:00
debian
debian
[SECURITY] [DLA 3138-1] bind9 security update
2022-10-05 15:21:42
[SECURITY] [DSA 5235-1] bind9 security update
2022-09-22 13:30:54
nessus
nessus
EulerOS 2.0 SP10 : dhcp (EulerOS-SA-2023-1381)
2023-02-10 00:00:00
EulerOS Virtualization 2.9.0 : dhcp (EulerOS-SA-2023-2981)
2024-01-16 00:00:00
EulerOS Virtualization 2.10.1 : bind (EulerOS-SA-2023-1141)
2023-01-10 00:00:00
osv
osv
bind9 - security update
2022-10-05 00:00:00
bind9 - security update
2022-09-22 00:00:00
Important: bind security update
2022-10-04 00:00:00
ibm
ibm
Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to memory leaks and a flaw in resolver code (CVE-2022-2795, CVE-2022-38177, CVE-2022-38178)
2022-11-28 20:43:38
suse
suse
Security update for bind (important)
2022-10-25 00:00:00
Security update for bind (important)
2022-10-21 00:00:00
Recommended update for bind (important)
2022-10-26 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: bind-dyndb-ldap-11.10-6.fc37
2022-09-25 00:22:18
[SECURITY] Fedora 36 Update: bind-9.16.33-1.fc36
2022-09-27 01:32:21
[SECURITY] Fedora 35 Update: bind-dyndb-ldap-11.9-16.fc35
2022-10-01 01:26:13
slackware
slackware
[slackware-security] bind
2022-09-21 18:42:26
amazon
amazon
Important: bind
2023-03-17 16:35:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0251
2022-09-23 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0458
2022-09-24 00:00:00
Important Photon OS Security Update - PHSA-2022-0523
2022-09-23 00:00:00
aix
aix
AIX is vulnerable to denial of service due to ISC BIND
2022-12-22 10:28:36
centos
centos
bind security update
2022-10-26 14:20:50
rocky
rocky
bind security update
2022-10-04 14:32:36
bind security update
2022-10-03 14:54:35
bind9.16 security update
2022-10-04 14:35:34
redhat
redhat
(RHSA-2022:6778) Important: bind security update
2022-10-04 14:32:36
(RHSA-2022:6779) Important: bind security update
2022-10-04 14:33:30
(RHSA-2022:6764) Important: bind security update
2022-10-03 14:55:52
almalinux
almalinux
Important: bind security update
2022-10-04 00:00:00
Important: bind security update
2022-10-03 00:00:00
Important: bind9.16 security update
2022-10-04 00:00:00
oraclelinux
oraclelinux
bind security update
2022-10-03 00:00:00
bind security update
2022-10-05 00:00:00
bind9.16 security update
2022-10-05 00:00:00
ubuntu
ubuntu
Bind vulnerabilities
2022-09-21 00:00:00
Bind vulnerabilities
2022-09-21 00:00:00
redos
redos
ROS-20220929-01
2022-09-29 00:00:00
cloudfoundry
cloudfoundry
USN-5626-1: Bind vulnerabilities | Cloud Foundry
2022-10-28 00:00:00
cisa
cisa
ISC Releases Security Advisories for Multiple Versions of BIND 9
2022-09-22 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2245
2023-10-17 12:03:14
redhatcve
redhatcve
CVE-2022-38177
2022-09-21 13:19:11
CVE-2022-38178
2022-09-21 13:19:11
prion
prion
Memory corruption
2022-09-21 11:15:00
Memory corruption
2022-09-21 11:15:00
ubuntucve
ubuntucve
CVE-2022-38177
2022-09-21 00:00:00
alpinelinux
alpinelinux
CVE-2022-38177
2022-09-21 11:15:09
CVE-2022-38178
2022-09-21 11:15:09
cbl_mariner
cbl_mariner
CVE-2022-38177 affecting package bind 9.16.27-1
2022-11-24 00:45:37
CVE-2022-38177 affecting package dhcp for versions less than 4.4.3-2
2024-05-16 20:39:53
CVE-2022-38177 affecting package bind for versions less than 9.16.33-1
2022-12-09 00:19:53
veracode
veracode
Denial Of Service (DoS)
2022-09-23 08:48:43
Memory Leak
2022-09-24 08:14:29
f5
f5
K27155546 : BIND vulnerability CVE-2022-38177
2022-10-19 00:00:00
nvd
nvd
CVE-2022-38177
2022-09-21 11:15:09
CVE-2022-38178
2022-09-21 11:15:09
debiancve
debiancve
CVE-2022-38177
2022-09-21 11:15:09
cve
cve
CVE-2022-38177
2022-09-21 11:15:09
CVE-2022-38178
2022-09-21 11:15:09
cvelist
cvelist
CVE-2022-38177 Memory leak in ECDSA DNSSEC verification code
2022-09-21 10:15:28
CVE-2022-38178 Memory leaks in EdDSA DNSSEC verification code
2022-09-21 10:15:29
gentoo
gentoo
ISC BIND: Multiple Vulnerabilities
2022-10-31 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.005
Percentile
75.2%
Related for MGASA-2022-0388