CVE-2022-2906

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-2906

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2906.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-2906

Downstream

ALPINE-CVE-2022-2906

DEBIAN-CVE-2022-2906

OESA-2022-1981

OESA-2022-1982

OESA-2022-1983

UBUNTU-CVE-2022-2906

USN-5626-1

openSUSE-SU-2024:12356-1

Related

Published

2022-09-21T11:15:09Z

Modified

2025-10-16T05:19:59.280732Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

References

Affected packages

Git / github.com/isc-projects/bind9

Affected ranges

Type: GIT
Repo: https://github.com/isc-projects/bind9
Events: Introduced

cab15392afd841fe3b0bacd894003376d857459a

Fixed

5b2fed25f4f7d2c08b38c4d94193715cdbb2e038

Type: GIT
Repo: https://gitlab.isc.org/isc-projects/bind9
Events: Introduced

8db45afa1affcb823e68afdeddedf93e136f5d3e

Fixed

85a6eb108e884467c4b3af414140d6b033a89a62

Affected versions

v9.*

v9.18.0

v9.18.2

v9.18.3

v9.18.4

v9.18.5

v9.18.6

v9.19.0

v9.19.1

v9.19.2

v9.19.3

v9.19.4