Buffer overread in statistics channel code
CVE-2022-2881

8.2HIGH

Key Information:

Vendor

Isc
Status
Bind9
Vendor
CVE Published:
21 September 2022

Badges

👾 Exploit Exists

What is CVE-2022-2881?

The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.

Affected Version(s)

BIND9 Open Source Branch 9.18 9.18.0 through versions before 9.18.7

BIND9 Development Branch 9.19 9.19.0 through versions before 9.19.5

References

https://kb.isc.org/docs/cve-2022-2881
http://www.openwall.com/lists/oss-security/2022/09/21/3
mailing-list
https://security.gentoo.org/glsa/202210-25
vendor-advisory

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.