CVE-2022-2906 - Vulnerability Details - OpenCVE

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Isc	Bind

Configuration 1 [-]

OR	cpe:2.3:a:isc:bind:::::-:::*
	cpe:2.3:a:isc:bind:::::-:::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/09/21/3
https://kb.isc.org/docs/cve-2022-2906
https://nvd.nist.gov/vuln/detail/CVE-2022-2906
https://security.gentoo.org/glsa/202210-25
https://www.cve.org/CVERecord?id=CVE-2022-2906

History

No history.

MITRE

Status: PUBLISHED

Assigner: isc

Published: 2022-09-21T10:15:27.446868Z

Updated: 2024-09-17T03:39:00.585Z

Reserved: 2022-08-19T00:00:00

Link: CVE-2022-2906

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-21T11:15:09.620

Modified: 2024-11-21T07:01:54.460

Link: CVE-2022-2906

Redhat

Severity : Moderate

Publid Date: 2022-09-21T00:00:00Z

Links: CVE-2022-2906 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-2906", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "datePublished": "2022-09-21T10:15:27.446868Z", "dateUpdated": "2024-09-17T03:39:00.585Z", "dateReserved": "2022-08-19T00:00:00"}, "containers": {"cna": {"title": "Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only)", "datePublic": "2022-09-21T00:00:00", "providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2022-10-31T00:00:00"}, "descriptions": [{"lang": "en", "value": "An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service."}], "affected": [{"vendor": "ISC", "product": "BIND9", "versions": [{"version": "Open Source Branch 9.18 9.18.0 through versions before 9.18.7", "status": "affected"}, {"version": "Development Branch 9.19 9.19.0 through versions before 9.19.5", "status": "affected"}]}], "references": [{"url": "https://kb.isc.org/docs/cve-2022-2906"}, {"name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"}, {"name": "GLSA-202210-25", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202210-25"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "In BIND 9.18.0 -> 9.18.6 and versions 9.19.0 -> 9.19.4 of the BIND 9.19 development branch, changes between OpenSSL 1.x and OpenSSL 3.0 expose a flaw in named that causes a small memory leak in key processing when using TKEY records in Diffie-Hellman mode with OpenSSL 3.0.0 and later versions."}]}], "source": {"discovery": "INTERNAL"}, "workarounds": [{"lang": "en", "value": "There are no known workarounds. TKEY record processing in GSS-TSIG mode is not affected by this defect. The memory leak impacts authoritative DNS server TKEY record processing only. Client processing (resolver functions) do not trigger this defect."}], "exploits": [{"lang": "en", "value": "This flaw was discovered in internal testing. We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.18.7 or BIND 9.19.5."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:52:59.888Z"}, "title": "CVE Program Container", "references": [{"url": "https://kb.isc.org/docs/cve-2022-2906", "tags": ["x_transferred"]}, {"name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"}, {"name": "GLSA-202210-25", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202210-25"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "BAE4B411-40F7-422D-8A5C-775ED1D00189", "versionEndExcluding": "9.18.7", "versionStartIncluding": "9.18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "3E1EC206-AC11-4A7E-9723-C4F69FF76892", "versionEndExcluding": "9.19.5", "versionStartIncluding": "9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service."}, {"lang": "es", "value": "Un atacante puede aprovechar este fallo para erosionar gradualmente la memoria disponible hasta el punto de que named sea bloqueado por falta de recursos. Al reiniciar, el atacante tendr\u00eda que empezar de nuevo, pero sin embargo se presenta la posibilidad de denegar el servicio"}], "id": "CVE-2022-2906", "lastModified": "2024-11-21T07:01:54.460", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-21T11:15:09.620", "references": [{"source": "security-officer@isc.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"}, {"source": "security-officer@isc.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://kb.isc.org/docs/cve-2022-2906"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://kb.isc.org/docs/cve-2022-2906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-25"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Maksym Odinintsev for reporting this issue.", "bugzilla": {"description": "bind: memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs", "id": "2128598", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128598"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.", "A flaw was found in the Bind package, where a flaw in \u2018named\u2019 can cause a small memory leak in key processing when using TKEY records in Diffie-Hellman mode with OpenSSL 3.0.0 and later versions. This flaw allows an attacker to gradually erode available memory to the point where \u2018named\u2019 crashes due to a lack of resources."], "name": "CVE-2022-2906", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bind9.16", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dhcp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-09-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2906\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2906"], "statement": "This flaw only affects versions BIND-9.18.0 and higher, whereas Red Hat ships BIND-9.16 and lower versions. Therefore, versions of BIND shipped with Red Hat Products are not affected by this flaw.", "threat_severity": "Moderate"}