Main Vulnerability Database SB2022100338

SB2022100338 - Red Hat Enterprise Linux 7 update for bind

Published: October 3, 2022

Security Bulletin ID SB2022100338

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2022-38177)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the DNSSEC verification code for the ECDSA algorithm. A remote attacker can spoof the target resolver with responses that have a malformed ECDSA signature and perform denial of service attack.

2) Memory leak (CVE-ID: CVE-2022-38178)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the DNSSEC verification code for the EdDSA algorithm. A remote attacker can spoof the target resolver with responses that have a malformed EdDSA signature and perform denial of service attack.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2022:6765

SB2022100338 - Red Hat Enterprise Linux 7 update for bind

Breakdown by Severity

Description

Remediation

References

Please verify you're human