{"id":"MGASA-2022-0388","summary":"Updated bind packages fix security vulnerability","details":"By flooding the target resolver with queries exploiting this flaw an\nattacker can significantly impair the resolver's performance,\neffectively denying legitimate clients access to the DNS resolution\nservice. (CVE-2022-2795)\n\nBy spoofing the target resolver with responses that have a malformed ECDSA\nsignature, an attacker can trigger a small memory leak. It is possible to\ngradually erode available memory to the point where named crashes for lack\nof resources. (CVE-2022-38177, CVE-2022-38178)\n","modified":"2026-04-16T04:42:50.258694241Z","published":"2022-10-23T22:48:35Z","upstream":["CVE-2022-2795","CVE-2022-38177","CVE-2022-38178"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0388.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30877"},{"type":"WEB","url":"https://kb.isc.org/docs/cve-2022-2795"},{"type":"WEB","url":"https://kb.isc.org/docs/cve-2022-38177"},{"type":"WEB","url":"https://kb.isc.org/docs/cve-2022-38178"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5626-1"},{"type":"WEB","url":"https://www.debian.org/lts/security/2022/dla-3138"}],"affected":[{"package":{"name":"bind","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/bind?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.11.37-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0388.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}