OESA-2022-1981
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1981
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2022-1981.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2022-1981
- Upstream
- Published
- 2022-10-14T11:04:24Z
- Modified
- 2025-08-12T05:13:23.476362Z
- Summary
- bind security update
- Details
-
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.
Security Fix(es):
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.(CVE-2022-38177)
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.(CVE-2022-38178)
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.(CVE-2022-2795)
The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.(CVE-2022-2881)
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.(CVE-2022-2906)
- Database specific
{ "severity": "High" }- References
-
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1981
- https://nvd.nist.gov/vuln/detail/CVE-2022-38177
- https://nvd.nist.gov/vuln/detail/CVE-2022-38178
- https://nvd.nist.gov/vuln/detail/CVE-2022-2795
- https://nvd.nist.gov/vuln/detail/CVE-2022-2881
- https://nvd.nist.gov/vuln/detail/CVE-2022-2906
Affected packages
openEuler:20.03-LTS-SP1 / bind
Package
- Name
- bind
- Purl
- pkg:rpm/openEuler/bind&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.11.21-15.oe1
Ecosystem specific
{
"src": [
"bind-9.11.21-15.oe1.src.rpm"
],
"x86_64": [
"bind-pkcs11-9.11.21-15.oe1.x86_64.rpm",
"bind-9.11.21-15.oe1.x86_64.rpm",
"bind-export-devel-9.11.21-15.oe1.x86_64.rpm",
"bind-devel-9.11.21-15.oe1.x86_64.rpm",
"bind-utils-9.11.21-15.oe1.x86_64.rpm",
"bind-chroot-9.11.21-15.oe1.x86_64.rpm",
"bind-libs-lite-9.11.21-15.oe1.x86_64.rpm",
"bind-export-libs-9.11.21-15.oe1.x86_64.rpm",
"bind-debugsource-9.11.21-15.oe1.x86_64.rpm",
"bind-debuginfo-9.11.21-15.oe1.x86_64.rpm",
"bind-libs-9.11.21-15.oe1.x86_64.rpm",
"bind-pkcs11-devel-9.11.21-15.oe1.x86_64.rpm"
],
"aarch64": [
"bind-export-devel-9.11.21-15.oe1.aarch64.rpm",
"bind-export-libs-9.11.21-15.oe1.aarch64.rpm",
"bind-9.11.21-15.oe1.aarch64.rpm",
"bind-chroot-9.11.21-15.oe1.aarch64.rpm",
"bind-libs-9.11.21-15.oe1.aarch64.rpm",
"bind-debuginfo-9.11.21-15.oe1.aarch64.rpm",
"bind-utils-9.11.21-15.oe1.aarch64.rpm",
"bind-libs-lite-9.11.21-15.oe1.aarch64.rpm",
"bind-pkcs11-9.11.21-15.oe1.aarch64.rpm",
"bind-devel-9.11.21-15.oe1.aarch64.rpm",
"bind-debugsource-9.11.21-15.oe1.aarch64.rpm",
"bind-pkcs11-devel-9.11.21-15.oe1.aarch64.rpm"
],
"noarch": [
"python3-bind-9.11.21-15.oe1.noarch.rpm"
]
}