Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-38178 (GCVE-0-2022-38178)
Vulnerability from cvelistv5 – Published: 2022-09-21 10:15 – Updated: 2025-05-28 15:23
VLAI?
EPSS
Title
Memory leaks in EdDSA DNSSEC verification code
Summary
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Severity ?
7.5 (High)
CWE
- In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.16.32, 9.18.0 -> 9.18.6, versions 9.11.4-S1 -> 9.11.37-S1, 9.16.8-S1 -> 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -> 9.19.4 of the BIND 9.19 development branch, the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ISC | BIND9 |
Affected:
Open Source Branch 9.9 9.9.12 through versions up to and including 9.9.13
Affected: Open Source Branch 9.10 9.10.7 through versions up to and including 9.10.8 Affected: Open Source Branches 9.11 through 9.16 9.11.3 through versions before 9.16.33 Affected: Open Source Branch 9.18 9.18.0 through versions before 9.18.7 Affected: Supported Preview Branch 9.11-S 9.11.4-S1 through versions up to and including 9.11.37-S1 Affected: Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1 Affected: Development Branch 9.19 9.19.0 through versions before 9.19.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2022-38178"
},
{
"name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
},
{
"name": "DSA-5235",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5235"
},
{
"name": "FEDORA-2022-ef038365de",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"
},
{
"name": "FEDORA-2022-8268735e06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"
},
{
"name": "FEDORA-2022-b197d64471",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"
},
{
"name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
},
{
"name": "GLSA-202210-25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-25"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221228-0009/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T15:22:52.026415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T15:23:06.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BIND9",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "Open Source Branch 9.9 9.9.12 through versions up to and including 9.9.13"
},
{
"status": "affected",
"version": "Open Source Branch 9.10 9.10.7 through versions up to and including 9.10.8"
},
{
"status": "affected",
"version": "Open Source Branches 9.11 through 9.16 9.11.3 through versions before 9.16.33"
},
{
"status": "affected",
"version": "Open Source Branch 9.18 9.18.0 through versions before 9.18.7"
},
{
"status": "affected",
"version": "Supported Preview Branch 9.11-S 9.11.4-S1 through versions up to and including 9.11.37-S1"
},
{
"status": "affected",
"version": "Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1"
},
{
"status": "affected",
"version": "Development Branch 9.19 9.19.0 through versions before 9.19.5"
}
]
}
],
"datePublic": "2022-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources."
}
],
"exploits": [
{
"lang": "en",
"value": "This flaw was discovered in internal testing. We are not aware of any active exploits."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In BIND 9.9.12 -\u003e 9.9.13, 9.10.7 -\u003e 9.10.8, 9.11.3 -\u003e 9.16.32, 9.18.0 -\u003e 9.18.6, versions 9.11.4-S1 -\u003e 9.11.37-S1, 9.16.8-S1 -\u003e 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -\u003e 9.19.4 of the BIND 9.19 development branch, the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-28T00:00:00.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2022-38178"
},
{
"name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
},
{
"name": "DSA-5235",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5235"
},
{
"name": "FEDORA-2022-ef038365de",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"
},
{
"name": "FEDORA-2022-8268735e06",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"
},
{
"name": "FEDORA-2022-b197d64471",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"
},
{
"name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
},
{
"name": "GLSA-202210-25",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-25"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221228-0009/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.16.33, BIND 9.18.7, BIND 9.19.5, or for BIND Supported Preview Edition (a special feature preview branch of BIND provided to eligible ISC support customers): BIND 9.16.33-S1."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Memory leaks in EdDSA DNSSEC verification code",
"workarounds": [
{
"lang": "en",
"value": "Disable the following algorithms in your configuration using the disable-algorithms option: ED25519, ED448. Note that this causes zones signed with these algorithms to be treated as insecure."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2022-38178",
"datePublished": "2022-09-21T10:15:29.078Z",
"dateReserved": "2022-08-12T00:00:00.000Z",
"dateUpdated": "2025-05-28T15:23:06.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://kb.isc.org/docs/cve-2022-38178\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/09/21/3\", \"name\": \"[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5235\", \"name\": \"DSA-5235\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/\", \"name\": \"FEDORA-2022-ef038365de\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/\", \"name\": \"FEDORA-2022-8268735e06\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/\", \"name\": \"FEDORA-2022-b197d64471\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html\", \"name\": \"[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202210-25\", \"name\": \"GLSA-202210-25\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221228-0009/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T10:45:52.980Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-38178\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-28T15:22:52.026415Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-401\", \"description\": \"CWE-401 Missing Release of Memory after Effective Lifetime\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-28T15:23:03.900Z\"}}], \"cna\": {\"title\": \"Memory leaks in EdDSA DNSSEC verification code\", \"source\": {\"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"ISC\", \"product\": \"BIND9\", \"versions\": [{\"status\": \"affected\", \"version\": \"Open Source Branch 9.9 9.9.12 through versions up to and including 9.9.13\"}, {\"status\": \"affected\", \"version\": \"Open Source Branch 9.10 9.10.7 through versions up to and including 9.10.8\"}, {\"status\": \"affected\", \"version\": \"Open Source Branches 9.11 through 9.16 9.11.3 through versions before 9.16.33\"}, {\"status\": \"affected\", \"version\": \"Open Source Branch 9.18 9.18.0 through versions before 9.18.7\"}, {\"status\": \"affected\", \"version\": \"Supported Preview Branch 9.11-S 9.11.4-S1 through versions up to and including 9.11.37-S1\"}, {\"status\": \"affected\", \"version\": \"Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.33-S1\"}, {\"status\": \"affected\", \"version\": \"Development Branch 9.19 9.19.0 through versions before 9.19.5\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"This flaw was discovered in internal testing. We are not aware of any active exploits.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to the patched release most closely related to your current version of BIND: BIND 9.16.33, BIND 9.18.7, BIND 9.19.5, or for BIND Supported Preview Edition (a special feature preview branch of BIND provided to eligible ISC support customers): BIND 9.16.33-S1.\"}], \"datePublic\": \"2022-09-21T00:00:00.000Z\", \"references\": [{\"url\": \"https://kb.isc.org/docs/cve-2022-38178\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/09/21/3\", \"name\": \"[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5235\", \"name\": \"DSA-5235\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/\", \"name\": \"FEDORA-2022-ef038365de\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/\", \"name\": \"FEDORA-2022-8268735e06\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/\", \"name\": \"FEDORA-2022-b197d64471\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html\", \"name\": \"[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.gentoo.org/glsa/202210-25\", \"name\": \"GLSA-202210-25\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221228-0009/\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Disable the following algorithms in your configuration using the disable-algorithms option: ED25519, ED448. Note that this causes zones signed with these algorithms to be treated as insecure.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"In BIND 9.9.12 -\u003e 9.9.13, 9.10.7 -\u003e 9.10.8, 9.11.3 -\u003e 9.16.32, 9.18.0 -\u003e 9.18.6, versions 9.11.4-S1 -\u003e 9.11.37-S1, 9.16.8-S1 -\u003e 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -\u003e 9.19.4 of the BIND 9.19 development branch, the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch.\"}]}], \"providerMetadata\": {\"orgId\": \"404fd4d2-a609-4245-b543-2c944a302a22\", \"shortName\": \"isc\", \"dateUpdated\": \"2022-12-28T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-38178\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-28T15:23:06.572Z\", \"dateReserved\": \"2022-08-12T00:00:00.000Z\", \"assignerOrgId\": \"404fd4d2-a609-4245-b543-2c944a302a22\", \"datePublished\": \"2022-09-21T10:15:29.078Z\", \"assignerShortName\": \"isc\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2022-38178
Vulnerability from fkie_nvd - Published: 2022-09-21 11:15 - Updated: 2025-05-28 16:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | bind | * | |
| isc | bind | * | |
| isc | bind | * | |
| isc | bind | 9.11.3 | |
| isc | bind | 9.11.3 | |
| isc | bind | 9.11.5 | |
| isc | bind | 9.11.5 | |
| isc | bind | 9.11.5 | |
| isc | bind | 9.11.5 | |
| isc | bind | 9.11.6 | |
| isc | bind | 9.11.7 | |
| isc | bind | 9.11.8 | |
| isc | bind | 9.11.12 | |
| isc | bind | 9.11.14-s1 | |
| isc | bind | 9.11.19-s1 | |
| isc | bind | 9.11.21 | |
| isc | bind | 9.11.27 | |
| isc | bind | 9.11.29 | |
| isc | bind | 9.11.35 | |
| isc | bind | 9.11.37 | |
| isc | bind | 9.16.8 | |
| isc | bind | 9.16.11 | |
| isc | bind | 9.16.13 | |
| isc | bind | 9.16.21 | |
| isc | bind | 9.16.32 | |
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| netapp | active_iq_unified_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "444F158A-CA67-4E10-9F4B-DC47B9855E95",
"versionEndIncluding": "9.9.13",
"versionStartIncluding": "9.9.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B60E5A42-D9B1-47FF-95AB-E19E54AC90C2",
"versionEndIncluding": "9.10.8",
"versionStartIncluding": "9.10.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D33CEC6-E786-49B7-8DDA-13250DB1C9C9",
"versionEndIncluding": "9.16.32",
"versionStartIncluding": "9.11.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "C2FE13E1-0646-46FC-875B-CB4C34E20101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.3:s4:*:*:supported_preview:*:*:*",
"matchCriteriaId": "39995ADF-74CC-4035-ADB2-010F676FCEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*",
"matchCriteriaId": "B6F72F80-D178-4F6D-8D16-85C0DEEE275B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*",
"matchCriteriaId": "1AA16E51-819C-4A1B-B66E-1C60C1782C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*",
"matchCriteriaId": "91533F9F-C0E5-4E84-8A4C-F744F956BF97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.5:s6:*:*:supported_preview:*:*:*",
"matchCriteriaId": "46E6A4BD-D69B-4A70-821D-5612DD1315EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "8AF9D390-0D5B-4963-A2D3-BF1E7CD95E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "AB2B92F1-6BA8-41CA-9000-E0633462CC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "02CA4635-7DFC-408E-A837-856E0F96CA1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.12:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "3CABCB08-B838-45F7-AA87-77C6B8767DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.14-s1:*:*:*:preview:*:*:*",
"matchCriteriaId": "FB597385-BCFD-4CDB-9328-B4F76D586E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.19-s1:*:*:*:preview:*:*:*",
"matchCriteriaId": "42C76CEF-FD0B-40A4-B246-A71F3EC72B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "5CC1F26C-4757-4C87-BD8B-2FA456A88C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.27:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "582A4948-B64F-45D4-807A-846A85BB6B42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.29:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "F22E7F6A-0714-480D-ACDF-5027FD6697B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.35:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "255AEB06-F071-4433-93E5-9436086C1A6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.11.37:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "EF14D712-5FCF-492F-BE3E-745109E9D6E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "288EAD80-574B-4839-9C2C-81D6D088A733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "3595F024-F910-4356-8B5B-D478960FF574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "94661BA2-27F8-4FFE-B844-9404F735579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "751E37C2-8BFD-4306-95C1-8C01CE495FA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "CC432820-F1A2-4132-A673-2620119553C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources."
},
{
"lang": "es",
"value": "Al falsificar el resolver objetivo con respuestas que presentan una firma EdDSA malformada, un atacante puede desencadenar una peque\u00f1a p\u00e9rdida de memoria. Es posible erosionar gradualmente la memoria disponible hasta el punto de que named sea bloqueado por falta de recursos"
}
],
"id": "CVE-2022-38178",
"lastModified": "2025-05-28T16:15:26.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-officer@isc.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-21T11:15:09.733",
"references": [
{
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
},
{
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://kb.isc.org/docs/cve-2022-38178"
},
{
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"
},
{
"source": "security-officer@isc.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-25"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221228-0009/"
},
{
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://kb.isc.org/docs/cve-2022-38178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221228-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5235"
}
],
"sourceIdentifier": "security-officer@isc.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GSD-2022-38178
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-38178",
"description": "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
"id": "GSD-2022-38178",
"references": [
"https://www.debian.org/security/2022/dsa-5235",
"https://advisories.mageia.org/CVE-2022-38178.html",
"https://access.redhat.com/errata/RHSA-2022:6763",
"https://access.redhat.com/errata/RHSA-2022:6764",
"https://access.redhat.com/errata/RHSA-2022:6765",
"https://access.redhat.com/errata/RHSA-2022:6778",
"https://access.redhat.com/errata/RHSA-2022:6779",
"https://access.redhat.com/errata/RHSA-2022:6780",
"https://access.redhat.com/errata/RHSA-2022:6781",
"https://access.redhat.com/errata/RHSA-2022:8598",
"https://www.suse.com/security/cve/CVE-2022-38178.html",
"https://ubuntu.com/security/CVE-2022-38178",
"https://security.archlinux.org/CVE-2022-38178"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-38178"
],
"details": "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
"id": "GSD-2022-38178",
"modified": "2023-12-13T01:19:22.347595Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2022-09-21T09:39:29.000Z",
"ID": "CVE-2022-38178",
"STATE": "PUBLIC",
"TITLE": "Memory leaks in EdDSA DNSSEC verification code"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND9",
"version": {
"version_data": [
{
"version_name": "Open Source Branch 9.9",
"version_value": "9.9.12 through versions up to and including 9.9.13"
},
{
"version_name": "Open Source Branch 9.10",
"version_value": "9.10.7 through versions up to and including 9.10.8"
},
{
"version_name": "Open Source Branches 9.11 through 9.16",
"version_value": "9.11.3 through versions before 9.16.33"
},
{
"version_name": "Open Source Branch 9.18",
"version_value": "9.18.0 through versions before 9.18.7"
},
{
"version_name": "Supported Preview Branch 9.11-S",
"version_value": "9.11.4-S1 through versions up to and including 9.11.37-S1"
},
{
"version_name": "Supported Preview Branch 9.16-S",
"version_value": "9.16.8-S1 through versions before 9.16.33-S1"
},
{
"version_name": "Development Branch 9.19",
"version_value": "9.19.0 through versions before 9.19.5"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "This flaw was discovered in internal testing. We are not aware of any active exploits."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In BIND 9.9.12 -\u003e 9.9.13, 9.10.7 -\u003e 9.10.8, 9.11.3 -\u003e 9.16.32, 9.18.0 -\u003e 9.18.6, versions 9.11.4-S1 -\u003e 9.11.37-S1, 9.16.8-S1 -\u003e 9.16.32-S1 of the BIND Supported Preview Edition, and versions 9.19.0 -\u003e 9.19.4 of the BIND 9.19 development branch, the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2022-38178",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2022-38178"
},
{
"name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
},
{
"name": "DSA-5235",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5235"
},
{
"name": "FEDORA-2022-ef038365de",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"
},
{
"name": "FEDORA-2022-8268735e06",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"
},
{
"name": "FEDORA-2022-b197d64471",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"
},
{
"name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
},
{
"name": "GLSA-202210-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202210-25"
},
{
"name": "https://security.netapp.com/advisory/ntap-20221228-0009/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20221228-0009/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND: BIND 9.16.33, BIND 9.18.7, BIND 9.19.5, or for BIND Supported Preview Edition (a special feature preview branch of BIND provided to eligible ISC support customers): BIND 9.16.33-S1."
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Disable the following algorithms in your configuration using the disable-algorithms option: ED25519, ED448. Note that this causes zones signed with these algorithms to be treated as insecure."
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.10.8",
"versionStartIncluding": "9.10.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.5:s6:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.12:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.9.13",
"versionStartIncluding": "9.9.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.27:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.29:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.35:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.14-s1:*:*:*:preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.19-s1:*:*:*:preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.37:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.3:s4:*:*:supported_preview:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.16.32",
"versionStartIncluding": "9.11.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"ID": "CVE-2022-38178"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2022-38178",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://kb.isc.org/docs/cve-2022-38178"
},
{
"name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
},
{
"name": "DSA-5235",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5235"
},
{
"name": "FEDORA-2022-ef038365de",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"
},
{
"name": "FEDORA-2022-8268735e06",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"
},
{
"name": "FEDORA-2022-b197d64471",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"
},
{
"name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3138-1] bind9 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
},
{
"name": "GLSA-202210-25",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-25"
},
{
"name": "https://security.netapp.com/advisory/ntap-20221228-0009/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221228-0009/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-03-01T16:34Z",
"publishedDate": "2022-09-21T11:15Z"
}
}
}
CERTFR-2023-AVI-0051
Vulnerability from certfr_avis - Published: 2023-01-23 - Updated: 2023-01-23
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | NorthStar Controller versions antérieures à 6.2.3 | ||
| Juniper Networks | N/A | Contrail Cloud versions antérieures à 13.7.0 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, 20.4R2-EVO, 20.4R3-S3-EVO, 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO, 21.2R3-S4-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R1-S1-EVO, 22.2R2-EVO et 22.3R1-EVO | ||
| Juniper Networks | N/A | Juniper Networks Contrail Service Orchestration (CSO) versions antérieures à 6.3.0 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 15.1R7-S12, 18.4R2-S7, 19.1R3-S2, 19.1R3-S9, 19.2R1-S9, 19.2R3, 19.2R3-S5, 19.2R3-S6, 19.3R3, 19.3R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R2-S8, 19.4R3, 19.4R3-S10, 19.4R3-S8, 19.4R3-S9, 20.1R2, 20.1R3-S4, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1, 20.3R3-S4, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 21.1R1-S1, 21.1R2, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R1, 21.2R3, 21.2R3-S1, 21.2R3-S2, 21.2R3-S3, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R2, 21.4R2-S1, 21.4R2-S2, 21.4R3, 21.4R3-S1, 21.4R3-S2, 22.1R1, 22.1R1-S2, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S1, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R2 et 22.4R1 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 22.3R1 | ||
| Juniper Networks | N/A | Cloud Native Contrail Networking versions antérieures à R22.3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NorthStar Controller versions ant\u00e9rieures \u00e0 6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Contrail Cloud versions ant\u00e9rieures \u00e0 13.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, 20.4R2-EVO, 20.4R3-S3-EVO, 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO, 21.2R3-S4-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R1-S1-EVO, 22.2R2-EVO et 22.3R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Service Orchestration (CSO) versions ant\u00e9rieures \u00e0 6.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 15.1R7-S12, 18.4R2-S7, 19.1R3-S2, 19.1R3-S9, 19.2R1-S9, 19.2R3, 19.2R3-S5, 19.2R3-S6, 19.3R3, 19.3R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R2-S8, 19.4R3, 19.4R3-S10, 19.4R3-S8, 19.4R3-S9, 20.1R2, 20.1R3-S4, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1, 20.3R3-S4, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 21.1R1-S1, 21.1R2, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R1, 21.2R3, 21.2R3-S1, 21.2R3-S2, 21.2R3-S3, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R2, 21.4R2-S1, 21.4R2-S2, 21.4R3, 21.4R3-S1, 21.4R3-S2, 22.1R1, 22.1R1-S2, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S1, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R2 et 22.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.3R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Cloud Native Contrail Networking versions ant\u00e9rieures \u00e0 R22.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40085"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2023-22403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22403"
},
{
"name": "CVE-2020-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
},
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2023-22393",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22393"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2023-22407",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22407"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2023-22394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22394"
},
{
"name": "CVE-2020-8695",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
},
{
"name": "CVE-2021-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2023-22404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22404"
},
{
"name": "CVE-2020-14562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14562"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2023-22405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22405"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2022-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38178"
},
{
"name": "CVE-2023-22409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22409"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2021-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2160"
},
{
"name": "CVE-2023-22416",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22416"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2007-6755",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6755"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2022-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38177"
},
{
"name": "CVE-2021-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2180"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2021-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2194"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2022-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2018-8046",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8046"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2202"
},
{
"name": "CVE-2023-22402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22402"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2021-2307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2307"
},
{
"name": "CVE-2023-22400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22400"
},
{
"name": "CVE-2021-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
},
{
"name": "CVE-2022-21366",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21366"
},
{
"name": "CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2021-27364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
},
{
"name": "CVE-2021-2146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2146"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2021-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2174"
},
{
"name": "CVE-2020-0549",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
},
{
"name": "CVE-2020-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12364"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2023-22397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22397"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2022-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2019-1543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2020-8698",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
},
{
"name": "CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"name": "CVE-2021-27365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2020-27170",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27170"
},
{
"name": "CVE-2023-22399",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22399"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2021-2144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2144"
},
{
"name": "CVE-2022-32250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
},
{
"name": "CVE-2021-2154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2154"
},
{
"name": "CVE-2023-22398",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22398"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2020-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12363"
},
{
"name": "CVE-2021-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2162"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2023-22401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22401"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2023-22396",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22396"
},
{
"name": "CVE-2021-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2171"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2020-24489",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
},
{
"name": "CVE-2023-22417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22417"
},
{
"name": "CVE-2021-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2178"
},
{
"name": "CVE-2020-14573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14573"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2020-24513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24513"
},
{
"name": "CVE-2022-21123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
},
{
"name": "CVE-2022-21283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21283"
},
{
"name": "CVE-2022-21449",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21449"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2020-35498",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35498"
},
{
"name": "CVE-2023-22406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22406"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2020-27827",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27827"
},
{
"name": "CVE-2023-22391",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22391"
},
{
"name": "CVE-2019-20934",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20934"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2023-22412",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22412"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2023-22415",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22415"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2007-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2285"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-37576",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
},
{
"name": "CVE-2020-26137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-2226",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2226"
},
{
"name": "CVE-2023-22410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22410"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2023-22408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22408"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-21549",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21549"
},
{
"name": "CVE-2020-14871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14871"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2021-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2179"
},
{
"name": "CVE-2021-3504",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3504"
},
{
"name": "CVE-2021-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2169"
},
{
"name": "CVE-2023-22414",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22414"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2023-22411",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22411"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2022-21277",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21277"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2020-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2019-11287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11287"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2020-24511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2021-4028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2021-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2020-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-24903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2021-25217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2020-0548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
},
{
"name": "CVE-2021-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2166"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2023-22413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22413"
},
{
"name": "CVE-2023-22395",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22395"
},
{
"name": "CVE-2021-35940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35940"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
}
],
"initial_release_date": "2023-01-23T00:00:00",
"last_revision_date": "2023-01-23T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70195 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10K-Series-PFE-crash-upon-receipt-of-specific-genuine-packets-when-sFlow-is-enabled-CVE-2023-22399?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70183 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Cloud-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Cloud-release-13-7-0?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70203 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-RPD-crash-can-happen-due-to-an-MPLS-TE-tunnel-configuration-change-on-a-directly-connected-router-CVE-2023-22407?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70192 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Receipt-of-crafted-TCP-packets-on-Ethernet-console-port-results-in-MBUF-leak-leading-to-Denial-of-Service-DoS-CVE-2023-22396?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70213 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-A-memory-leak-might-be-observed-in-IPsec-VPN-scenario-leading-to-an-FPC-crash-CVE-2023-22417?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70193 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-PTX10003-An-attacker-sending-specific-genuine-packets-will-cause-a-memory-leak-in-the-PFE-leading-to-a-Denial-of-Service-CVE-2023-22397?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70181 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-might-crash-when-MPLS-ping-is-performed-on-BGP-LSPs-CVE-2023-22398?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70186 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSL?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70179 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Northstar-Controller-Pivotal-RabbitMQ-contains-a-web-management-plugin-that-is-vulnerable-to-a-Denial-of-Service-DoS-attack-CVE-2019-11287?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70208 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flowd-daemon-will-crash-if-the-SIP-ALG-is-enabled-and-specific-SIP-messages-are-processed-CVE-2023-22412?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70201 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX5k-Series-EX46xx-Series-MAC-limiting-feature-stops-working-after-PFE-restart-device-reboot--CVE-2023-22405?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70209 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-FPC-crash-when-an-IPsec6-tunnel-processes-specific-IPv4-packets-CVE-2023-22413?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70187 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-ACX2K-Series-Receipt-of-a-high-rate-of-specific-traffic-will-lead-to-a-Denial-of-Service-DoS-CVE-2023-22391?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70199 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10k-Series-ICCP-flap-will-be-observed-due-to-excessive-specific-traffic-CVE-2023-22403?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70180 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-OpenSSL-Infinite-loop-in-BN-mod-sqrt-reachable-when-parsing-certificates-CVE-2022-0778?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70198 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-The-kernel-might-restart-in-a-BGP-scenario-where-bgp-auto-discovery-is-enabled-and-such-a-neighbor-flaps-CVE-2023-22402?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70196 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-A-specific-SNMP-GET-operation-and-a-specific-CLI-commands-cause-resources-to-leak-and-eventually-the-evo-pfemand-process-will-crash-CVE-2023-22400?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70197 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PTX10008-PTX10016-When-a-specific-SNMP-MIB-is-queried-the-FPC-will-crash-CVE-2023-22401?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70202 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-memory-leak-which-will-ultimately-lead-to-an-rpd-crash-will-be-observed-when-a-peer-interface-flaps-continuously-in-a-Segment-Routing-scenario-CVE-2023-22406?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70190 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Memory-leak-due-to-receipt-of-specially-crafted-SIP-calls-CVE-2023-22394?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70191 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-In-an-MPLS-scenario-the-processing-of-specific-packets-to-the-device-causes-a-buffer-leak-and-ultimately-a-loss-of-connectivity-CVE-2023-22395?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69903 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70204 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Upon-processing-of-a-specific-SIP-packet-an-FPC-can-crash-CVE-2023-22408?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70200 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-When-IPsec-VPN-is-configured-iked-will-core-when-a-specifically-formatted-payload-is-received-CVE-2023-22404?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70212 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-if-SIP-ALG-is-enabled-and-a-malicious-SIP-packet-is-received-CVE-2023-22416?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70185 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-3R1-release?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70211 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flow-processing-daemon-flowd-will-crash-when-a-specific-H-323-packet-is-received-CVE-2023-22415?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70210 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-An-FPC-memory-leak-is-observed-when-specific-multicast-packets-are-processed-CVE-2023-22414?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70206 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-with-MPC10-MPC11-When-Suspicious-Control-Flow-Detection-scfd-is-enabled-and-an-attacker-is-sending-specific-traffic-this-causes-a-memory-leak-CVE-2023-22410?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70205 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-SPC3-When-an-inconsistent-NAT-configuration-exists-and-a-specific-CLI-command-is-issued-the-SPC-will-reboot-CVE-2023-22409?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70182 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Service-Orchestration-Multiple-vulnerabilities-resolved-in-CSO-6-3-0?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70189 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-BGP-route-with-invalid-next-hop-CVE-2023-22393?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70207 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-when-Unified-Policies-are-used-with-IPv6-and-certain-dynamic-applications-are-rejected-by-the-device-CVE-2023-22411?language=en_US"
}
]
}
CERTFR-2022-AVI-848
Vulnerability from certfr_avis - Published: 2022-09-21 - Updated: 2022-09-21
De multiples vulnérabilités ont été découvertes dans Bind. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ISC | BIND | BIND Supported Preview Edition versions antérieures à 9.11.37-S1 | ||
| ISC | BIND | BIND versions antérieures à 9.16.32 | ||
| ISC | BIND | BIND Supported Preview Edition versions 9.16.8-S1 antérieures à 9.16.32-S1 | ||
| ISC | BIND | BIND versions 9.18.0 antérieures à 9.18.6 | ||
| ISC | BIND | BIND versions 9.19.0 antérieures à 9.19.4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND Supported Preview Edition versions ant\u00e9rieures \u00e0 9.11.37-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions ant\u00e9rieures \u00e0 9.16.32",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.16.8-S1 ant\u00e9rieures \u00e0 9.16.32-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.18.0 ant\u00e9rieures \u00e0 9.18.6",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.19.0 ant\u00e9rieures \u00e0 9.19.4",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-2906",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2906"
},
{
"name": "CVE-2022-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38178"
},
{
"name": "CVE-2022-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38177"
},
{
"name": "CVE-2022-3080",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3080"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2022-2881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2881"
}
],
"initial_release_date": "2022-09-21T00:00:00",
"last_revision_date": "2022-09-21T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-848",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Bind. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Bind",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2022-2795 du 21 septembre 2022",
"url": "https://kb.isc.org/v1/docs/cve-2022-2795"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2022-38177 du 21 septembre 2022",
"url": "https://kb.isc.org/docs/cve-2022-38177"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2022-2881 du 21 septembre 2022",
"url": "https://kb.isc.org/docs/cve-2022-2881"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2022-2906 du 21 septembre 2022",
"url": "https://kb.isc.org/docs/cve-2022-2906"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2022-3080 du 21 septembre 2022",
"url": "https://kb.isc.org/docs/cve-2022-3080"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2022-38178 du 21 septembre 2022",
"url": "https://kb.isc.org/docs/cve-2022-38178"
}
]
}
CERTFR-2023-AVI-0479
Vulnerability from certfr_avis - Published: 2023-06-22 - Updated: 2023-06-22
De multiples vulnérabilités ont été découvertes dans BIND. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ISC | BIND | BIND versions 9.19.0 à 9.19.13 antérieures à 9.19.14 | ||
| ISC | BIND | BIND versions 9.18.7 à 9.18.15 antérieures à 9.18.16 | ||
| ISC | BIND | BIND versions 9.16.33 à 9.16.41 antérieures à 9.16.42 | ||
| ISC | BIND | BIND Supported Preview Edition versions 9.18.11-S1 à 9.18.15-S1 antérieures à 9.18.16-S1 | ||
| ISC | BIND | BIND Supported Preview Edition versions 9.11.3-S1 à 9.16.41-S1 antérieures à 9.16.42-S1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.19.0 \u00e0 9.19.13 ant\u00e9rieures \u00e0 9.19.14",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.18.7 \u00e0 9.18.15 ant\u00e9rieures \u00e0 9.18.16",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.16.33 \u00e0 9.16.41 ant\u00e9rieures \u00e0 9.16.42",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.18.11-S1 \u00e0 9.18.15-S1 ant\u00e9rieures \u00e0 9.18.16-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.11.3-S1 \u00e0 9.16.41-S1 ant\u00e9rieures \u00e0 9.16.42-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-2911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2911"
},
{
"name": "CVE-2022-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38178"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2022-3924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3924"
},
{
"name": "CVE-2023-2829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2829"
}
],
"initial_release_date": "2023-06-22T00:00:00",
"last_revision_date": "2023-06-22T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0479",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BIND. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2023-2829 du 21 juin 2023",
"url": "https://kb.isc.org/v1/docs/cve-2023-2829"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2023-2911 du 21 juin 2023",
"url": "https://kb.isc.org/v1/docs/cve-2023-2911"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2023-2828 du 21 juin 2023",
"url": "https://kb.isc.org/v1/docs/cve-2023-2828"
}
]
}
CERTFR-2022-AVI-1059
Vulnerability from certfr_avis - Published: 2022-11-29 - Updated: 2022-11-29
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM Operations Analytics Predictive Insights versions antérieures à 1.3.6 Interim Fix 6 | ||
| IBM | N/A | UCD - IBM UrbanCode Deploy versions 7.2.x.x antérieures à 7.2.3.2 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour UNIX versions 6.0.0 antérieures à 6.0.0.2.iFix139 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour UNIX versions 6.2.0 antérieures à 6.2.0.5.iFix004 | ||
| IBM | N/A | IBM i versions 7.4 sans le correctif de sécurité SI81707 | ||
| IBM | N/A | IBM i versions 7.3 sans le correctif de sécurité SI81708 | ||
| IBM | N/A | IBM i versions 7.5 sans le correctif de sécurité SI81706 | ||
| IBM | N/A | UCD - IBM UrbanCode Deploy versions 7.1.x.x antérieures à 7.1.2.9 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour UNIX versions 6.1.0 antérieures à 6.1.0.4.iFix069 | ||
| IBM | N/A | IBM i versions 7.2 sans le correctif de sécurité SI81709 | ||
| IBM | N/A | IBM Planning Analytics Workspace versions 2.0 sans le correctif de sécurité 82 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour UNIX versions 4.3.0 antérieures à 4.3.0.1.iFix103 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Operations Analytics Predictive Insights versions ant\u00e9rieures \u00e0 1.3.6 Interim Fix 6",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "UCD - IBM UrbanCode Deploy versions 7.2.x.x ant\u00e9rieures \u00e0 7.2.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour UNIX versions 6.0.0 ant\u00e9rieures \u00e0 6.0.0.2.iFix139",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour UNIX versions 6.2.0 ant\u00e9rieures \u00e0 6.2.0.5.iFix004",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM i versions 7.4 sans le correctif de s\u00e9curit\u00e9 SI81707",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM i versions 7.3 sans le correctif de s\u00e9curit\u00e9 SI81708",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM i versions 7.5 sans le correctif de s\u00e9curit\u00e9 SI81706",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "UCD - IBM UrbanCode Deploy versions 7.1.x.x ant\u00e9rieures \u00e0 7.1.2.9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour UNIX versions 6.1.0 ant\u00e9rieures \u00e0 6.1.0.4.iFix069",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM i versions 7.2 sans le correctif de s\u00e9curit\u00e9 SI81709",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Planning Analytics Workspace versions 2.0 sans le correctif de s\u00e9curit\u00e9 82",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour UNIX versions 4.3.0 ant\u00e9rieures \u00e0 4.3.0.1.iFix103",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2022-33980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33980"
},
{
"name": "CVE-2022-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38178"
},
{
"name": "CVE-2022-22980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22980"
},
{
"name": "CVE-2022-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38177"
},
{
"name": "CVE-2022-32222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32222"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2022-32214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
},
{
"name": "CVE-2022-32223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32223"
}
],
"initial_release_date": "2022-11-29T00:00:00",
"last_revision_date": "2022-11-29T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1059",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6841885 du 28 novembre 2022",
"url": "https://www.ibm.com/support/pages/node/6841885"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6841799 du 28 novembre 2022",
"url": "https://www.ibm.com/support/pages/node/6841799"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6841785 du 28 novembre 2022",
"url": "https://www.ibm.com/support/pages/node/6841785"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6841791 du 28 novembre 2022",
"url": "https://www.ibm.com/support/pages/node/6841791"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6841815 du 28 novembre 2022",
"url": "https://www.ibm.com/support/pages/node/6841815"
}
]
}
CERTFR-2023-AVI-0120
Vulnerability from certfr_avis - Published: 2023-02-14 - Updated: 2023-02-14
De multiples vulnérabilités ont été corrigées dans les produits IBM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.5.0 sans le dernier correctif de sécurité Update Pack 4 | ||
| IBM | Sterling Control Center | IBM Sterling Control Center versions antérieures à 6.1.3.0 sans le dernier correctif de sécurité iFix15 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.x antérieures à 7.4.3 sans le dernier correctif de sécurité Fix Pack 8 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct FTP+ version 1.3.0.0 sans le dernier correctif de sécurité iFix022 | ||
| IBM | Db2 | IBM Db2 Web Query for i versions antérieures à 2.4.0 sans les derniers correctifs de sécurité | ||
| IBM | Db2 | IBM Db2 Web Query for i versions antérieures à 2.3.0 sans les derniers correctifs de sécurité | ||
| IBM | Sterling Control Center | IBM Sterling Control Center versions antérieures à 6.2.1.0 sans le dernier correctif de sécurité iFix10 | ||
| IBM | Sterling Control Center | IBM Sterling Control Center versions antérieures à 6.3.0.0 sans le dernier correctif de sécurité iFix01 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM version 7.5.0 sans le dernier correctif de s\u00e9curit\u00e9 Update Pack 4",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Control Center versions ant\u00e9rieures \u00e0 6.1.3.0 sans le dernier correctif de s\u00e9curit\u00e9 iFix15",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 sans le dernier correctif de s\u00e9curit\u00e9 Fix Pack 8",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct FTP+ version 1.3.0.0 sans le dernier correctif de s\u00e9curit\u00e9 iFix022",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Web Query for i versions ant\u00e9rieures \u00e0 2.4.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Web Query for i versions ant\u00e9rieures \u00e0 2.3.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Control Center versions ant\u00e9rieures \u00e0 6.2.1.0 sans le dernier correctif de s\u00e9curit\u00e9 iFix10",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Control Center versions ant\u00e9rieures \u00e0 6.3.0.0 sans le dernier correctif de s\u00e9curit\u00e9 iFix01",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41974"
},
{
"name": "CVE-2022-21127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21127"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2022-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38178"
},
{
"name": "CVE-2022-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38177"
},
{
"name": "CVE-2022-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2022-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
},
{
"name": "CVE-2022-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2022-21123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2022-3676",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3676"
},
{
"name": "CVE-2022-34351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34351"
},
{
"name": "CVE-2022-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2625"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
}
],
"initial_release_date": "2023-02-14T00:00:00",
"last_revision_date": "2023-02-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 13 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6955079"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 13 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6955277"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 13 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6955281"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 13 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6955057"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 13 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6955251"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 13 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6955059"
}
],
"reference": "CERTFR-2023-AVI-0120",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6955281 du 13 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6955059 du 13 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6955057 du 13 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6955277 du 13 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6955251 du 13 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6955079 du 13 f\u00e9vrier 2023",
"url": null
}
]
}
GHSA-349W-CGP3-287R
Vulnerability from github – Published: 2022-09-22 00:00 – Updated: 2025-05-28 18:33
VLAI?
Details
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2022-38178"
],
"database_specific": {
"cwe_ids": [
"CWE-347",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-21T11:15:00Z",
"severity": "HIGH"
},
"details": "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
"id": "GHSA-349w-cgp3-287r",
"modified": "2025-05-28T18:33:05Z",
"published": "2022-09-22T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38178"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2022-38178"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-25"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20221228-0009"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5235"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2022-38178
Vulnerability from osv_almalinux
Published
2022-10-03 00:00
Modified
2022-10-14 16:04
Summary
Important: bind security update
Details
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
- bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly (CVE-2022-3080)
- bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177)
- bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bind"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-1.el9_0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bind-chroot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-1.el9_0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bind-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-1.el9_0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bind-dnssec-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-1.el9_0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bind-dnssec-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-1.el9_0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bind-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-1.el9_0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bind-license"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-1.el9_0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bind-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-1.el9_0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "python3-bind"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-1.el9_0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly (CVE-2022-3080)\n* bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177)\n* bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:6763",
"modified": "2022-10-14T16:04:27Z",
"published": "2022-10-03T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:6763"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-3080"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-38177"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-38178"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2128600"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2128601"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2128602"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2022-6763.html"
}
],
"related": [
"CVE-2022-3080",
"CVE-2022-38177",
"CVE-2022-38178"
],
"summary": "Important: bind security update"
}
CVE-2022-38178
Vulnerability from osv_almalinux
Published
2022-10-04 00:00
Modified
2022-10-14 16:12
Summary
Important: bind9.16 security update
Details
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
- bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly (CVE-2022-3080)
- bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177)
- bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind9.16"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-0.7.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind9.16-chroot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-0.7.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind9.16-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-0.7.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind9.16-dnssec-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-0.7.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind9.16-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-0.7.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind9.16-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-0.7.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind9.16-license"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-0.7.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind9.16-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-0.7.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-bind9.16"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.16.23-0.7.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly (CVE-2022-3080)\n* bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177)\n* bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:6781",
"modified": "2022-10-14T16:12:13Z",
"published": "2022-10-04T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:6781"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-3080"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-38177"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-38178"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2128600"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2128601"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2128602"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-6781.html"
}
],
"related": [
"CVE-2022-3080",
"CVE-2022-38177",
"CVE-2022-38178"
],
"summary": "Important: bind9.16 security update"
}
CVE-2022-38178
Vulnerability from osv_almalinux
Published
2022-10-04 00:00
Modified
2022-10-14 17:12
Summary
Important: bind security update
Details
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
- bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177)
- bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-chroot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-export-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-export-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-libs-lite"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-license"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-lite-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-pkcs11"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-pkcs11-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-pkcs11-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-pkcs11-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-sdb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-sdb-chroot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bind-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-bind"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "32:9.11.36-3.el8_6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177)\n* bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:6778",
"modified": "2022-10-14T17:12:12Z",
"published": "2022-10-04T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:6778"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-38177"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-38178"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2128601"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2128602"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-6778.html"
}
],
"related": [
"CVE-2022-38177",
"CVE-2022-38178"
],
"summary": "Important: bind security update"
}
CVE-2022-38178
Vulnerability from fstec - Published: 14.09.2022
VLAI Severity ?
Title
Уязвимость реализации технологии DNSSEC сервера DNS BIND, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании»
Description
Уязвимость реализации технологии DNSSEC сервера DNS BIND связана с некорректной проверкой криптографической подписи EdDSA. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить атаку типа «отказ в обслуживании»
Severity ?
Vendor
Red Hat Inc., Canonical Ltd., ООО «РусБИТех-Астра», Internet Systems Consortium, Сообщество свободного программного обеспечения, Fedora Project, ООО «Ред Софт», АО «ИВК», АО "НППКТ", АО «НТЦ ИТ РОСА»
Software Name
Red Hat Enterprise Linux, Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Virtualization, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), BIND, Debian GNU/Linux, Fedora, РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ROSA Virtualization (запись в едином реестре российских программ №5091)
Software Version
7 (Red Hat Enterprise Linux), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 4 (Red Hat Virtualization), 8 (Red Hat Enterprise Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 20.04 LTS (Ubuntu), от 9.10.7 до 9.10.8 включительно (BIND), от 9.9.12 до 9.9.13 включительно (BIND), 11 (Debian GNU/Linux), 35 (Fedora), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.3 (РЕД ОС), - (Альт 8 СП), 36 (Fedora), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 37 (Fedora), от 9.18.0 до 9.18.6 включительно (BIND), от 9.19.0 до 9.19.4 включительно (BIND), от 9.11.3 до 9.16.32 включительно (BIND), до 2.6 (ОСОН ОСнова Оnyx), 2.1 (ROSA Virtualization)
Possible Mitigations
Использование рекомендаций:
Для BIND:
https://kb.isc.org/docs/cve-2022-38178
Для Ред ОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-bind-cve-2022-2795-cve-2022-2881-cve-2022-2906-cve-2022-3080-cve-2022-381/
Для Ubuntu:
https://ubuntu.com/security/notices/USN-5626-1
Для Debian:
https://www.debian.org/security/2022/dsa-5235
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
Для продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2022-38178
Компенсирующие меры:
Следует отключить алгоритм криптографической подписи EdDSA (его варианты ED25519 и ED448), используя конфигурацию disable-algorithms и опции ED25519 и ED448
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения bind9 до версии 1:9.16.33-1~deb11u1.osnova1
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16
Для системы управления средой виртуализации «ROSA Virtualization» : https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2245
Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»:
обновить пакет bind9 до 1:9.11.3+dfsg-1ubuntu1.18+ci202211281326+astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Reference
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-bind-cve-2022-2795-cve-2022-2881-cve-2022-2906-cve-2022-3080-cve-2022-381/?sphrase_id=67327
https://ubuntu.com/security/notices/USN-5626-1
http://www.openwall.com/lists/oss-security/2022/09/21/3
https://kb.isc.org/docs/cve-2022-38178
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
https://www.debian.org/security/2022/dsa-5235
https://bugzilla.redhat.com/show_bug.cgi?id=2128602
https://nvd.nist.gov/vuln/detail/CVE-2022-38178
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.6/
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2245
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-347, CWE-401
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Internet Systems Consortium, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Fedora Project, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 4 (Red Hat Virtualization), 8 (Red Hat Enterprise Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 20.04 LTS (Ubuntu), \u043e\u0442 9.10.7 \u0434\u043e 9.10.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIND), \u043e\u0442 9.9.12 \u0434\u043e 9.9.13 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIND), 11 (Debian GNU/Linux), 35 (Fedora), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 36 (Fedora), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 37 (Fedora), \u043e\u0442 9.18.0 \u0434\u043e 9.18.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIND), \u043e\u0442 9.19.0 \u0434\u043e 9.19.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIND), \u043e\u0442 9.11.3 \u0434\u043e 9.16.32 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIND), \u0434\u043e 2.6 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 2.1 (ROSA Virtualization)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f BIND:\nhttps://kb.isc.org/docs/cve-2022-38178\n\n\u0414\u043b\u044f \u0420\u0435\u0434 \u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-bind-cve-2022-2795-cve-2022-2881-cve-2022-2906-cve-2022-3080-cve-2022-381/\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-5626-1\n\n\u0414\u043b\u044f Debian:\nhttps://www.debian.org/security/2022/dsa-5235\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/ \n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2022-38178\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\u0421\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 EdDSA (\u0435\u0433\u043e \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u044b ED25519 \u0438 ED448), \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e disable-algorithms \u0438 \u043e\u043f\u0446\u0438\u0438 ED25519 \u0438 ED448\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f bind9 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:9.16.33-1~deb11u1.osnova1\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb : https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2245\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 bind9 \u0434\u043e 1:9.11.3+dfsg-1ubuntu1.18+ci202211281326+astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.09.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "12.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.10.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-06121",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-38178",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Virtualization, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), BIND, Debian GNU/Linux, Fedora, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Fedora Project Fedora 35 , Red Hat Inc. Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Fedora Project Fedora 36 , Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , Fedora Project Fedora 37 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.6 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438 DNSSEC \u0441\u0435\u0440\u0432\u0435\u0440\u0430 DNS BIND, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u0442\u0438\u043f\u0430 \u00ab\u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438\u00bb",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 (CWE-347), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u0435\u0440\u0435\u0434 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0441\u0441\u044b\u043b\u043a\u0438 (\u00ab\u0443\u0442\u0435\u0447\u043a\u0430 \u043f\u0430\u043c\u044f\u0442\u0438\u00bb) (CWE-401)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438 DNSSEC \u0441\u0435\u0440\u0432\u0435\u0440\u0430 DNS BIND \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 EdDSA. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u0442\u0438\u043f\u0430 \u00ab\u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438\u00bb",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-bind-cve-2022-2795-cve-2022-2881-cve-2022-2906-cve-2022-3080-cve-2022-381/?sphrase_id=67327\nhttps://ubuntu.com/security/notices/USN-5626-1\nhttp://www.openwall.com/lists/oss-security/2022/09/21/3 \nhttps://kb.isc.org/docs/cve-2022-38178 \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/ \nhttps://www.debian.org/security/2022/dsa-5235\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2128602\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38178\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.6/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2245\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-347, CWE-401",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…