rpm package
suse/bind&distro=SUSE Linux Enterprise Module for Server Applications 15 SP3
pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-38178 | — | < 9.16.6-150300.22.21.2 | 9.16.6-150300.22.21.2 | Sep 21, 2022 | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | ||
| CVE-2022-38177 | — | < 9.16.6-150300.22.21.2 | 9.16.6-150300.22.21.2 | Sep 21, 2022 | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | ||
| CVE-2022-2795 | — | < 9.16.6-150300.22.21.2 | 9.16.6-150300.22.21.2 | Sep 21, 2022 | By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | ||
| CVE-2021-25220 | — | < 9.16.6-150300.22.16.1 | 9.16.6-150300.22.16.1 | Mar 23, 2022 | BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have | ||
| CVE-2021-25219 | — | < 9.16.6-150300.22.13.1 | 9.16.6-150300.22.13.1 | Oct 27, 2021 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a | ||
| CVE-2021-25215 | — | < 9.16.6-22.7.1 | 9.16.6-22.7.1 | Apr 29, 2021 | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a qu | ||
| CVE-2021-25214 | — | < 9.16.6-22.7.1 | 9.16.6-22.7.1 | Apr 29, 2021 | In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of n |
- CVE-2022-38178Sep 21, 2022affected < 9.16.6-150300.22.21.2fixed 9.16.6-150300.22.21.2
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
- CVE-2022-38177Sep 21, 2022affected < 9.16.6-150300.22.21.2fixed 9.16.6-150300.22.21.2
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
- CVE-2022-2795Sep 21, 2022affected < 9.16.6-150300.22.21.2fixed 9.16.6-150300.22.21.2
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
- CVE-2021-25220Mar 23, 2022affected < 9.16.6-150300.22.16.1fixed 9.16.6-150300.22.16.1
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have
- CVE-2021-25219Oct 27, 2021affected < 9.16.6-150300.22.13.1fixed 9.16.6-150300.22.13.1
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a
- CVE-2021-25215Apr 29, 2021affected < 9.16.6-22.7.1fixed 9.16.6-22.7.1
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a qu
- CVE-2021-25214Apr 29, 2021affected < 9.16.6-22.7.1fixed 9.16.6-22.7.1
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of n