An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2022/09/21/3 | Mailing List Patch Third Party Advisory |
https://kb.isc.org/docs/cve-2022-2906 | Patch Vendor Advisory |
https://security.gentoo.org/glsa/202210-25 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2022-09-21 11:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-2906
Mitre link : CVE-2022-2906
CVE.ORG link : CVE-2022-2906
JSON object : View
Products Affected
isc
- bind
CWE
CWE-401
Missing Release of Memory after Effective Lifetime