admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

[ISC] document BIND9 CVE-2022-38178

Browse Source
This commit is contained in:
Michał Kępień 2022-09-21 12:04:10 +02:00
parent 7218a91876
commit 3afdb98f8b
1 changed files with 113 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
2022/38xxx/CVE-2022-38178.json
View File

@ -3,16 +3,125 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2022-09-21T09:39:29.000Z",
"ID": "CVE-2022-38178",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-officer@isc.org",
"STATE": "PUBLIC",
"TITLE": "Memory leaks in EdDSA DNSSEC verification code"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND9",
"version": {
"version_data": [
{
"version_name": "Open Source Branch 9.9",
"version_value": "9.9.12 through versions up to and including 9.9.13"
},
{
"version_name": "Open Source Branch 9.10",
"version_value": "9.10.7 through versions up to and including 9.10.8"
},
{
"version_name": "Open Source Branches 9.11 through 9.16",
"version_value": "9.11.3 through versions before 9.16.33"
},
{
"version_name": "Open Source Branch 9.18",
"version_value": "9.18.0 through versions before 9.18.7"
},
{
"version_name": "Supported Preview Branch 9.11-S",
"version_value": "9.11.4-S1 through versions up to and including 9.11.37-S1"
},
{
"version_name": "Supported Preview Branch 9.16-S",
"version_value": "9.16.8-S1 through versions before 9.16.33-S1"
},
{
"version_name": "Development Branch 9.19",
"version_value": "9.19.0 through versions before 9.19.5"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"credit": [],
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "This flaw was discovered in internal testing. We are not aware of any active exploits."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.16.32, 9.18.0 -> 9.18.6, versions 9.11.4-S1 -> 9.11.37-S1, 9.16.8-S1 -> 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -> 9.19.4 of the BIND 9.19 development branch, the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2022-38178",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2022-38178"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.16.33, BIND 9.18.7, BIND 9.19.5, or for BIND Supported Preview Edition (a special feature preview branch of BIND provided to eligible ISC support customers): BIND 9.16.33-S1."
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Disable the following algorithms in your configuration using the disable-algorithms option: ED25519, ED448. Note that this causes zones signed with these algorithms to be treated as insecure."
}
]
}