Vulnerability Monitor


CVE-2022-38178


By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.


Published: 2022-09-21T11:15:09.733

Last Modified: 2025-05-28T16:15:26.723

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Primary
    CWE-401
  • Type: Secondary
    CWE-401

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | isc | bind | ≤ 9.9.13 | Yes |
| Application | isc | bind | ≤ 9.10.8 | Yes |
| Application | isc | bind | ≤ 9.16.32 | Yes |
| Application | isc | bind | 9.11.3 | Yes |
| Application | isc | bind | 9.11.3 | Yes |
| Application | isc | bind | 9.11.5 | Yes |
| Application | isc | bind | 9.11.5 | Yes |
| Application | isc | bind | 9.11.5 | Yes |
| Application | isc | bind | 9.11.5 | Yes |
| Application | isc | bind | 9.11.6 | Yes |
| Application | isc | bind | 9.11.7 | Yes |
| Application | isc | bind | 9.11.8 | Yes |
| Application | isc | bind | 9.11.12 | Yes |
| Application | isc | bind | 9.11.14-s1 | Yes |
| Application | isc | bind | 9.11.19-s1 | Yes |
| Application | isc | bind | 9.11.21 | Yes |
| Application | isc | bind | 9.11.27 | Yes |
| Application | isc | bind | 9.11.29 | Yes |
| Application | isc | bind | 9.11.35 | Yes |
| Application | isc | bind | 9.11.37 | Yes |
| Application | isc | bind | 9.16.8 | Yes |
| Application | isc | bind | 9.16.11 | Yes |
| Application | isc | bind | 9.16.13 | Yes |
| Application | isc | bind | 9.16.21 | Yes |
| Application | isc | bind | 9.16.32 | Yes |
| Operating System | debian | debian_linux | 11.0 | Yes |
| Operating System | fedoraproject | fedora | 35 | Yes |
| Operating System | fedoraproject | fedora | 36 | Yes |
| Operating System | fedoraproject | fedora | 37 | Yes |
| Application | netapp | active_iq_unified_manager | - | Yes |
