Vulnerabilities > ISC
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-07 | CVE-2022-2928 | NULL Pointer Dereference vulnerability in multiple products In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. | 6.5 |
2022-10-07 | CVE-2022-2929 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. | 6.5 |
2022-09-21 | CVE-2022-2795 | Resource Exhaustion vulnerability in multiple products By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | 7.5 |
2022-09-21 | CVE-2022-2881 | Out-of-bounds Read vulnerability in ISC Bind The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. | 8.2 |
2022-09-21 | CVE-2022-2906 | Memory Leak vulnerability in ISC Bind An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. | 7.5 |
2022-09-21 | CVE-2022-38177 | Improper Verification of Cryptographic Signature vulnerability in multiple products By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. | 7.5 |
2022-09-21 | CVE-2022-38178 | Improper Verification of Cryptographic Signature vulnerability in multiple products By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. | 7.5 |
2022-09-21 | CVE-2022-3080 | Injection vulnerability in multiple products By sending specific queries to the resolver, an attacker can cause named to crash. | 7.5 |
2022-05-19 | CVE-2022-1183 | Reachable Assertion vulnerability in multiple products On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. | 7.5 |
2022-03-23 | CVE-2021-25220 | HTTP Request Smuggling vulnerability in multiple products BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. | 6.8 |