ID de Prueba:	1.3.6.1.4.1.25623.1.0.124172
Categoría:	Denial of Service
Título:	ISC BIND DoS Vulnerability (CVE-2022-38177) - Linux
Resumen:	ISC BIND is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: ISC BIND is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The DNSSEC verification code for the ECDSA algorithm leaks memory when there is a signature length mismatch. Vulnerability Impact: By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. Affected Software/OS: ISC BIND versions 9.8.4 through 9.16.32, 9.9.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.32-S1. Solution: Update to version 9.16.33, 9.16.33-S1 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-38177 https://kb.isc.org/docs/cve-2022-38177 Debian Security Information: DSA-5235 (Google Search) https://www.debian.org/security/2022/dsa-5235 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/ https://security.gentoo.org/glsa/202210-25 https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html http://www.openwall.com/lists/oss-security/2022/09/21/3
Copyright	Copyright (C) 2022 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.