Unrated severityNVD Advisory· Published Sep 21, 2022· Updated May 28, 2025
Memory leak in ECDSA DNSSEC verification code
CVE-2022-38177
Description
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Affected products
79- osv-coords78 versionspkg:apk/chainguard/bindpkg:apk/chainguard/bind-devpkg:apk/chainguard/bind-dnssec-rootpkg:apk/chainguard/bind-dnssec-toolspkg:apk/chainguard/bind-docpkg:apk/chainguard/bind-libspkg:apk/chainguard/bind-pluginspkg:apk/chainguard/bind-toolspkg:apk/wolfi/bindpkg:apk/wolfi/bind-devpkg:apk/wolfi/bind-dnssec-rootpkg:apk/wolfi/bind-dnssec-toolspkg:apk/wolfi/bind-docpkg:apk/wolfi/bind-libspkg:apk/wolfi/bind-pluginspkg:apk/wolfi/bind-toolspkg:rpm/almalinux/bindpkg:rpm/almalinux/bind9.16pkg:rpm/almalinux/bind9.16-chrootpkg:rpm/almalinux/bind9.16-develpkg:rpm/almalinux/bind9.16-dnssec-utilspkg:rpm/almalinux/bind9.16-docpkg:rpm/almalinux/bind9.16-libspkg:rpm/almalinux/bind9.16-licensepkg:rpm/almalinux/bind9.16-utilspkg:rpm/almalinux/bind-chrootpkg:rpm/almalinux/bind-develpkg:rpm/almalinux/bind-dnssec-docpkg:rpm/almalinux/bind-dnssec-utilspkg:rpm/almalinux/bind-export-develpkg:rpm/almalinux/bind-export-libspkg:rpm/almalinux/bind-libspkg:rpm/almalinux/bind-libs-litepkg:rpm/almalinux/bind-licensepkg:rpm/almalinux/bind-lite-develpkg:rpm/almalinux/bind-pkcs11pkg:rpm/almalinux/bind-pkcs11-develpkg:rpm/almalinux/bind-pkcs11-libspkg:rpm/almalinux/bind-pkcs11-utilspkg:rpm/almalinux/bind-sdbpkg:rpm/almalinux/bind-sdb-chrootpkg:rpm/almalinux/bind-utilspkg:rpm/almalinux/python3-bindpkg:rpm/almalinux/python3-bind9.16pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/bind&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/bind&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/bind&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/bind&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/bind&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/bind&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/bind&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 0+ 77 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 32:9.16.23-1.el9_0.1
- (no CPE)range: < 32:9.16.23-0.7.el8_6.1
- (no CPE)range: < 32:9.16.23-0.7.el8_6.1
- (no CPE)range: < 32:9.16.23-0.7.el8_6.1
- (no CPE)range: < 32:9.16.23-0.7.el8_6.1
- (no CPE)range: < 32:9.16.23-0.7.el8_6.1
- (no CPE)range: < 32:9.16.23-0.7.el8_6.1
- (no CPE)range: < 32:9.16.23-0.7.el8_6.1
- (no CPE)range: < 32:9.16.23-0.7.el8_6.1
- (no CPE)range: < 32:9.16.23-1.el9_0.1
- (no CPE)range: < 32:9.16.23-1.el9_0.1
- (no CPE)range: < 32:9.16.23-1.el9_0.1
- (no CPE)range: < 32:9.16.23-1.el9_0.1
- (no CPE)range: < 32:9.11.36-3.el8_6.1
- (no CPE)range: < 32:9.11.36-3.el8_6.1
- (no CPE)range: < 32:9.16.23-1.el9_0.1
- (no CPE)range: < 32:9.11.36-3.el8_6.1
- (no CPE)range: < 32:9.16.23-1.el9_0.1
- (no CPE)range: < 32:9.11.36-3.el8_6.1
- (no CPE)range: < 32:9.11.36-3.el8_6.1
- (no CPE)range: < 32:9.11.36-3.el8_6.1
- (no CPE)range: < 32:9.11.36-3.el8_6.1
- (no CPE)range: < 32:9.11.36-3.el8_6.1
- (no CPE)range: < 32:9.11.36-3.el8_6.1
- (no CPE)range: < 32:9.11.36-3.el8_6.1
- (no CPE)range: < 32:9.16.23-1.el9_0.1
- (no CPE)range: < 32:9.16.23-1.el9_0.1
- (no CPE)range: < 32:9.16.23-0.7.el8_6.1
- (no CPE)range: < 9.16.6-150300.22.21.2
- (no CPE)range: < 9.16.6-150300.22.21.2
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150300.22.21.2
- (no CPE)range: < 9.16.6-150300.22.21.2
- (no CPE)range: < 9.16.6-150300.22.21.2
- (no CPE)range: < 9.16.33-150400.5.11.1
- (no CPE)range: < 9.9.9P1-63.37.1
- (no CPE)range: < 9.9.9P1-63.37.1
- (no CPE)range: < 9.11.22-3.43.1
- (no CPE)range: < 9.11.22-3.43.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.11.22-3.43.1
- (no CPE)range: < 9.11.22-3.43.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.11.22-3.43.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.16.6-150000.12.63.1
- (no CPE)range: < 9.11.22-3.43.1
- (no CPE)range: < 9.11.22-3.43.1
- ISC/BIND9v5Range: Open Source Branches 9.8 through 9.16 9.8.4 through versions before 9.16.33
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/mitrevendor-advisory
- security.gentoo.org/glsa/202210-25mitrevendor-advisory
- www.debian.org/security/2022/dsa-5235mitrevendor-advisory
- www.openwall.com/lists/oss-security/2022/09/21/3mitremailing-list
- lists.debian.org/debian-lts-announce/2022/10/msg00007.htmlmitremailing-list
- kb.isc.org/docs/cve-2022-38177mitre
- security.netapp.com/advisory/ntap-20221228-0010/mitre
News mentions
0No linked articles in our index yet.