CVE-2022-2906

Summary

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

Affected Software

VendorProductVersion RangeStatus
ISCBIND9Open Source Branch 9.18 9.18.0 through versions before 9.18.7affected
ISCBIND9Development Branch 9.19 9.19.0 through versions before 9.19.5affected

Weaknesses

  • In BIND 9.18.0 -> 9.18.6 and versions 9.19.0 -> 9.19.4 of the BIND 9.19 development branch, changes between OpenSSL 1.x and OpenSSL 3.0 expose a flaw in named that causes a small memory leak in key processing when using TKEY records in Diffie-Hellman mode with OpenSSL 3.0.0 and later versions.

Workarounds

There are no known workarounds. TKEY record processing in GSS-TSIG mode is not affected by this defect. The memory leak impacts authoritative DNS server TKEY record processing only. Client processing (resolver functions) do not trigger this defect.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References