CVE-2022-38177

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*
cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*
cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.5:s6:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.12:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.14-s1:*:*:*:preview:*:*:*
cpe:2.3:a:isc:bind:9.11.19-s1:*:*:*:preview:*:*:*
cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.27:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.29:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.35:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.37:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

History

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-347 CWE-401

28 Feb 2023, 18:50

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20221228-0010/ - Third Party Advisory
CPE cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

03 Nov 2022, 20:44

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-21 11:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-38177

Mitre link : CVE-2022-38177

CVE.ORG link : CVE-2022-38177


JSON object : View

Products Affected

isc

  • bind

debian

  • debian_linux

fedoraproject

  • fedora

netapp

  • active_iq_unified_manager
CWE
CWE-401

Missing Release of Memory after Effective Lifetime