Memory leak in ECDSA DNSSEC verification code
CVE-2022-38177
7.5 HIGH
What is CVE-2022-38177?
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Affected Version(s)
BIND9 Open Source Branches 9.8 through 9.16: 9.8.4 through versions before 9.16.33
BIND9 Supported Preview Branches 9.9-S through 9.11-S: 9.9.4-S1 through versions up to and including 9.11.37-S1
BIND9 Supported Preview Branch 9.16-S: 9.16.8-S1 through versions before 9.16.33-S1
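A version check against the ranges listed above, as an added example that is not part of the original advisory or of BIND itself. The helper names `parse_version` and `is_affected` are hypothetical, the banner strings are constructed samples, and builds with distro or pre-release suffixes are reported as undetermined because a backported fix cannot be seen in the version string.

```python
import re

# Affected ranges transcribed from the advisory text above:
# (edition, lowest affected, upper bound, upper bound inclusive?)
AFFECTED = [
    ("open",    (9, 8, 4, 0),  (9, 16, 33, 0), False),
    ("preview", (9, 9, 4, 1),  (9, 11, 37, 1), True),
    ("preview", (9, 16, 8, 1), (9, 16, 33, 1), False),
]

def parse_version(banner):
    """Return (edition, (major, minor, patch, s)) or None if not recognised."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)(\S*)", banner)
    if not m:
        return None
    base = tuple(int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4)
    if suffix == "" or re.fullmatch(r"-P\d+", suffix):
        return "open", base + (0,)  # -P patch levels are judged by their base release
    s = re.fullmatch(r"-S(\d+)", suffix)
    if s:
        return "preview", base + (int(s.group(1)),)
    return None  # rc/beta or distro-patched build: cannot be judged from the string

def is_affected(banner):
    """True/False per the advisory ranges, None when the version is ambiguous."""
    parsed = parse_version(banner)
    if parsed is None:
        return None
    edition, version = parsed
    for ed, low, high, inclusive in AFFECTED:
        in_range = low <= version and (version <= high if inclusive else version < high)
        if ed == edition and in_range:
            return True
    return False

if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for banner in ("BIND 9.16.32 (Extended Support Version)",
                   "BIND 9.11.37-S1 (Supported Preview Version)",
                   "9.16.33", "9.16.1-Ubuntu"):
        print(f"{banner!r}: affected={is_affected(banner)}")
```

A `None` result means the string alone is not enough; consult the package vendor's own advisory for that build.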