7.5
CVE-2022-38178
- EPSS 2.18%
- Veröffentlicht 21.09.2022 11:15:09
- Zuletzt bearbeitet 28.05.2025 16:15:26
- Quelle security-officer@isc.org
- CVE-Watchlists
- Unerledigt
Memory leaks in EdDSA DNSSEC verification code
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version11.0
Fedoraproject ≫ Fedora Version35
Fedoraproject ≫ Fedora Version36
Fedoraproject ≫ Fedora Version37
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.18% | 0.801 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| security-officer@isc.org | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://security.gentoo.org/glsa/202210-25
http://www.openwall.com/lists/oss-security/2022/09/21/3
https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
https://www.debian.org/security/2022/dsa-5235
https://kb.isc.org/docs/cve-2022-38178
https://security.netapp.com/advisory/ntap-20221228-0009/