CVE-2022-2906

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://kb.isc.org/docs/cve-2022-2906", "name": "https://kb.isc.org/docs/cve-2022-2906", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/21/3", "name": "[oss-security] 20220921 ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://security.gentoo.org/glsa/202210-25", "name": "GLSA-202210-25", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-401"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-2906", "ASSIGNER": "security-officer@isc.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2022-09-21T11:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.18.7", "versionStartIncluding": "9.18.0"}, {"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.19.5", "versionStartIncluding": "9.19.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-12-03T01:06Z"}