Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only)
CVE-2022-2906

7.5HIGH

Key Information:

Vendor

Isc
Status
Bind9
Vendor
CVE Published:
21 September 2022

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2022-2906?

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIND9 Open Source Branch 9.18 9.18.0 through versions before 9.18.7

BIND9 Development Branch 9.19 9.19.0 through versions before 9.19.5

References

https://kb.isc.org/docs/cve-2022-2906
http://www.openwall.com/lists/oss-security/2022/09/21/3
mailing-list
https://security.gentoo.org/glsa/202210-25
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.