ISC BIND 9 Vulnerable to Denial-of-Service (DoS) via Memory Leaks in EdDSA DNSSEC Verification (CVE-2022-38178)
25408
15 February 2025
13 February 2025
CLOSED
MEDIUM
7.5 -- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178
|
Brocade Security Advisory ID |
BSA-2025-2264 |
|
Component |
bind-utils |
|
|
|
Summary
BIND 9 is vulnerable to a denial-of-service (DoS) issue due to the presence of a memory leak flaw in the DNSSEC verification code for the EdDSA algorithm that can occur when there is a signature length mismatch.
An attacker could spoof the target resolver with responses that have malformed EdDSA signatures in order to trigger the memory leak and cause memory to be consumed resulting in performance impacts and eventually a crash.
Products Affected
Brocade SANnav OVA versions before 2.3.1b
Brocade ASCG versions before 2.1.1
Products Not Affected
Brocade FabricOS
[VEX Justification: Vulnerable_code_not_present]
Solution
Security update provided in SANnav 2.3.1b and 2.4.0
SANnav OVA Security update also provided in the sannav_ova_8x_os_12_2024 OVA patch which can be applied to SANnav 2.3.0, 2.3.0a, 2.3.1 and 2.3.1a OVA deployments
Security update provided in ASCG 2.1.1
Revision History
|
Version |
Change |
Date |
|
1.0 |
Initial Publication |
February 13, 2025 |
|
2.0 |
updated BSA ID |
February 14, 2024 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.