CVE search results

21 – 30 of 150 results

Detailed view

Sort by:

CVE-2022-3736

Medium priority

Fixed

BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12...

2 affected packages

bind9, isc-dhcp

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bind9	—	Fixed	Not affected	Not affected	Not affected
isc-dhcp	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-3094

Medium priority

Fixed

Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited....

2 affected packages

bind9, isc-dhcp

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bind9	—	Fixed	Fixed	Not affected	Not affected
isc-dhcp	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-38178

Medium priority

Fixed

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

2 affected packages

bind9, isc-dhcp

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bind9	—	Fixed	Fixed	Fixed	Not affected
isc-dhcp	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-38177

Medium priority

Fixed

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

2 affected packages

bind9, isc-dhcp

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bind9	—	Not affected	Fixed	Fixed	Fixed
isc-dhcp	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-3080

Medium priority

Fixed

By sending specific queries to the resolver, an attacker can cause named to crash.

2 affected packages

bind9, isc-dhcp

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bind9	—	Fixed	Not affected	Not affected	Not affected
isc-dhcp	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-2906

Medium priority

Fixed

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

2 affected packages

bind9, isc-dhcp

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bind9	—	Fixed	Not affected	Not affected	Not affected
isc-dhcp	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-2881

Medium priority

Fixed

The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.

2 affected packages

bind9, isc-dhcp

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bind9	—	Fixed	Not affected	Not affected	Not affected
isc-dhcp	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-2795

Medium priority

Some fixes available 10 of 17

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

3 affected packages

bind9, bind9-libs, isc-dhcp

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bind9	Fixed	Fixed	Fixed	Fixed	Fixed
bind9-libs	Not in release	Needs evaluation	Needs evaluation	Not in release	Not in release
isc-dhcp	Vulnerable	Not affected	Not affected	Not affected	Not affected

CVE-2022-1183

Medium priority

Fixed

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in...

1 affected package

bind9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bind9	—	Fixed	Not affected	Not affected	Not affected

CVE-2022-0667

Medium priority

Fixed

When the vulnerability is triggered the BIND process will exit. BIND 9.18.0

1 affected package

bind9

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bind9	—	Fixed	Not affected	Not affected	Not affected

Export to JSON

Results by page:

Search CVE reports