CVE-2022-2906

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-2906
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2906.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-2906
Downstream
Related
Published
2022-09-21T11:15:09.620Z
Modified
2026-02-03T07:33:22.140901Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

References

Affected packages

Git / gitlab.isc.org/isc-projects/bind9

Affected ranges

Type
GIT
Repo
https://gitlab.isc.org/isc-projects/bind9
Events
Introduced
cab15392afd841fe3b0bacd894003376d857459a
Fixed
5b2fed25f4f7d2c08b38c4d94193715cdbb2e038
Introduced
8db45afa1affcb823e68afdeddedf93e136f5d3e
Fixed
85a6eb108e884467c4b3af414140d6b033a89a62

Affected versions

v9.*
v9.18.0
v9.18.2
v9.18.3
v9.18.4
v9.18.5
v9.18.6
v9.19.0
v9.19.1
v9.19.2
v9.19.3
v9.19.4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2906.json"