Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-2906

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

Published

2022-09-21T11:15:09.620

Last Modified

2025-05-28T16:15:23.157

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-401
Type: Secondary
CWE-401

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	isc	bind	< 9.18.7	Yes
Application	isc	bind	< 9.19.5	Yes

References

http://www.openwall.com/lists/oss-security/2022/09/21/3 Mailing List, Patch, Third Party Advisory ([email protected])
https://kb.isc.org/docs/cve-2022-2906 Patch, Vendor Advisory ([email protected])
https://security.gentoo.org/glsa/202210-25 Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/09/21/3 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.isc.org/docs/cve-2022-2906 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202210-25 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)