rpm package
opensuse/bind&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.3
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-38178 | — | < 9.16.6-150300.22.21.2 | 9.16.6-150300.22.21.2 | Sep 21, 2022 | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | ||
| CVE-2022-38177 | — | < 9.16.6-150300.22.21.2 | 9.16.6-150300.22.21.2 | Sep 21, 2022 | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | ||
| CVE-2022-2795 | — | < 9.16.6-150300.22.21.2 | 9.16.6-150300.22.21.2 | Sep 21, 2022 | By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | ||
| CVE-2021-25219 | — | < 9.16.6-150300.22.13.1 | 9.16.6-150300.22.13.1 | Oct 27, 2021 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a |
- CVE-2022-38178Sep 21, 2022affected < 9.16.6-150300.22.21.2fixed 9.16.6-150300.22.21.2
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
- CVE-2022-38177Sep 21, 2022affected < 9.16.6-150300.22.21.2fixed 9.16.6-150300.22.21.2
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
- CVE-2022-2795Sep 21, 2022affected < 9.16.6-150300.22.21.2fixed 9.16.6-150300.22.21.2
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
- CVE-2021-25219Oct 27, 2021affected < 9.16.6-150300.22.13.1fixed 9.16.6-150300.22.13.1
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a