Vulnerability Details CVE-2022-38178
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.4%
CVSS Severity
CVSS v3 Score 7.5
References
- http://www.openwall.com/lists/oss-security/2022/09/21/3
- https://kb.isc.org/docs/cve-2022-38178
- https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
- https://security.gentoo.org/glsa/202210-25
- https://security.netapp.com/advisory/ntap-20221228-0009/
- https://www.debian.org/security/2022/dsa-5235
- http://www.openwall.com/lists/oss-security/2022/09/21/3
- https://kb.isc.org/docs/cve-2022-38178
- https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
- https://security.gentoo.org/glsa/202210-25
- https://security.netapp.com/advisory/ntap-20221228-0009/
- https://www.debian.org/security/2022/dsa-5235
Products affected by CVE-2022-38178
-
cpe:2.3:a:isc:bind:9.10.7
-
cpe:2.3:a:isc:bind:9.10.8
-
cpe:2.3:a:isc:bind:9.11.10
-
cpe:2.3:a:isc:bind:9.11.11
-
cpe:2.3:a:isc:bind:9.11.12
-
cpe:2.3:a:isc:bind:9.11.14
-
cpe:2.3:a:isc:bind:9.11.14-s1
-
cpe:2.3:a:isc:bind:9.11.18
-
cpe:2.3:a:isc:bind:9.11.19
-
cpe:2.3:a:isc:bind:9.11.19-s1
-
cpe:2.3:a:isc:bind:9.11.20
-
cpe:2.3:a:isc:bind:9.11.21
-
cpe:2.3:a:isc:bind:9.11.22
-
cpe:2.3:a:isc:bind:9.11.23
-
cpe:2.3:a:isc:bind:9.11.25
-
cpe:2.3:a:isc:bind:9.11.26
-
cpe:2.3:a:isc:bind:9.11.27
-
cpe:2.3:a:isc:bind:9.11.28
-
cpe:2.3:a:isc:bind:9.11.29
-
cpe:2.3:a:isc:bind:9.11.3
-
cpe:2.3:a:isc:bind:9.11.30
-
cpe:2.3:a:isc:bind:9.11.31
-
cpe:2.3:a:isc:bind:9.11.35
-
cpe:2.3:a:isc:bind:9.11.36
-
cpe:2.3:a:isc:bind:9.11.37
-
cpe:2.3:a:isc:bind:9.11.4
-
cpe:2.3:a:isc:bind:9.11.5
-
cpe:2.3:a:isc:bind:9.11.6
-
cpe:2.3:a:isc:bind:9.11.7
-
cpe:2.3:a:isc:bind:9.11.8
-
cpe:2.3:a:isc:bind:9.11.9
-
cpe:2.3:a:isc:bind:9.12.0
-
cpe:2.3:a:isc:bind:9.12.1
-
cpe:2.3:a:isc:bind:9.12.2
-
cpe:2.3:a:isc:bind:9.12.3
-
cpe:2.3:a:isc:bind:9.12.4
-
cpe:2.3:a:isc:bind:9.13.0
-
cpe:2.3:a:isc:bind:9.13.1
-
cpe:2.3:a:isc:bind:9.13.2
-
cpe:2.3:a:isc:bind:9.13.3
-
cpe:2.3:a:isc:bind:9.13.4
-
cpe:2.3:a:isc:bind:9.13.5
-
cpe:2.3:a:isc:bind:9.13.6
-
cpe:2.3:a:isc:bind:9.13.7
-
cpe:2.3:a:isc:bind:9.14.0
-
cpe:2.3:a:isc:bind:9.14.1
-
cpe:2.3:a:isc:bind:9.14.11
-
cpe:2.3:a:isc:bind:9.14.12
-
cpe:2.3:a:isc:bind:9.14.2
-
cpe:2.3:a:isc:bind:9.14.3
-
cpe:2.3:a:isc:bind:9.14.4
-
cpe:2.3:a:isc:bind:9.14.5
-
cpe:2.3:a:isc:bind:9.14.6
-
cpe:2.3:a:isc:bind:9.14.7
-
cpe:2.3:a:isc:bind:9.14.8
-
cpe:2.3:a:isc:bind:9.14.9
-
cpe:2.3:a:isc:bind:9.15.0
-
cpe:2.3:a:isc:bind:9.15.1
-
cpe:2.3:a:isc:bind:9.15.2
-
cpe:2.3:a:isc:bind:9.15.3
-
cpe:2.3:a:isc:bind:9.15.4
-
cpe:2.3:a:isc:bind:9.15.5
-
cpe:2.3:a:isc:bind:9.15.6
-
cpe:2.3:a:isc:bind:9.16.0
-
cpe:2.3:a:isc:bind:9.16.1
-
cpe:2.3:a:isc:bind:9.16.10
-
cpe:2.3:a:isc:bind:9.16.11
-
cpe:2.3:a:isc:bind:9.16.12
-
cpe:2.3:a:isc:bind:9.16.13
-
cpe:2.3:a:isc:bind:9.16.14
-
cpe:2.3:a:isc:bind:9.16.15
-
cpe:2.3:a:isc:bind:9.16.19
-
cpe:2.3:a:isc:bind:9.16.2
-
cpe:2.3:a:isc:bind:9.16.21
-
cpe:2.3:a:isc:bind:9.16.22
-
cpe:2.3:a:isc:bind:9.16.3
-
cpe:2.3:a:isc:bind:9.16.32
-
cpe:2.3:a:isc:bind:9.16.4
-
cpe:2.3:a:isc:bind:9.16.5
-
cpe:2.3:a:isc:bind:9.16.6
-
cpe:2.3:a:isc:bind:9.16.7
-
cpe:2.3:a:isc:bind:9.16.8
-
cpe:2.3:a:isc:bind:9.16.9
-
cpe:2.3:a:isc:bind:9.9.12
-
cpe:2.3:a:isc:bind:9.9.13
-
cpe:2.3:a:netapp:active_iq_unified_manager:-
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:fedoraproject:fedora:35
-
cpe:2.3:o:fedoraproject:fedora:36
-
cpe:2.3:o:fedoraproject:fedora:37