CVE-2022-2906 - OpenCVE

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Isc	Bind

Configuration 1 [-]

OR	cpe:2.3:a:isc:bind:::::-:::*
	cpe:2.3:a:isc:bind:::::-:::*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/09/21/3	Mailing List Patch Third Party Advisory
https://kb.isc.org/docs/cve-2022-2906	Patch Vendor Advisory
https://security.gentoo.org/glsa/202210-25	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: isc

Published: 2022-09-21T00:00:00

Updated: 2022-10-31T00:00:00

Reserved: 2022-08-19T00:00:00

Link: CVE-2022-2906

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-21T11:15:09.620

Modified: 2022-12-03T01:06:19.793

Link: CVE-2022-2906

JSON object: View

Redhat Information

No data.

CWE

CWE-401

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-2906", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "datePublished": "2022-09-21T00:00:00", "dateUpdated": "2022-10-31T00:00:00", "dateReserved": "2022-08-19T00:00:00"}, "containers": {"cna": {"title": "Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only)", "datePublic": "2022-09-21T00:00:00", "providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2022-10-31T00:00:00"}, "descriptions": [{"lang": "en", "value": "An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service."}], "affected": [{"vendor": "ISC", "product": "BIND9", "versions": [{"version": "Open Source Branch 9.18 9.18.0 through versions before 9.18.7", "status": "affected"}, {"version": "Development Branch 9.19 9.19.0 through versions before 9.19.5", "status": "affected"}]}], "references": [{"url": "https://kb.isc.org/docs/cve-2022-2906"}, {"name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"}, {"name": "GLSA-202210-25", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202210-25"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "In BIND 9.18.0 -> 9.18.6 and versions 9.19.0 -> 9.19.4 of the BIND 9.19 development branch, changes between OpenSSL 1.x and OpenSSL 3.0 expose a flaw in named that causes a small memory leak in key processing when using TKEY records in Diffie-Hellman mode with OpenSSL 3.0.0 and later versions."}]}], "source": {"discovery": "INTERNAL"}, "workarounds": [{"lang": "en", "value": "There are no known workarounds. TKEY record processing in GSS-TSIG mode is not affected by this defect. The memory leak impacts authoritative DNS server TKEY record processing only. Client processing (resolver functions) do not trigger this defect."}], "exploits": [{"lang": "en", "value": "This flaw was discovered in internal testing. We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.18.7 or BIND 9.19.5."}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "BAE4B411-40F7-422D-8A5C-775ED1D00189", "versionEndExcluding": "9.18.7", "versionStartIncluding": "9.18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "3E1EC206-AC11-4A7E-9723-C4F69FF76892", "versionEndExcluding": "9.19.5", "versionStartIncluding": "9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service."}, {"lang": "es", "value": "Un atacante puede aprovechar este fallo para erosionar gradualmente la memoria disponible hasta el punto de que named sea bloqueado por falta de recursos. Al reiniciar, el atacante tendr\u00eda que empezar de nuevo, pero sin embargo se presenta la posibilidad de denegar el servicio"}], "id": "CVE-2022-2906", "lastModified": "2022-12-03T01:06:19.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}]}, "published": "2022-09-21T11:15:09.620", "references": [{"source": "security-officer@isc.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"}, {"source": "security-officer@isc.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://kb.isc.org/docs/cve-2022-2906"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-25"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}