CVE-2022-2795

medium

Description

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

References

https://kb.isc.org/docs/cve-2022-2795

http://www.openwall.com/lists/oss-security/2022/09/21/3

https://www.debian.org/security/2022/dsa-5235

https://lists.fedoraproject.org/archives/list/[email protected]/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/

https://lists.fedoraproject.org/archives/list/[email protected]/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/

https://lists.fedoraproject.org/archives/list/[email protected]/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/

https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html

https://security.gentoo.org/glsa/202210-25

Details

Source: MITRE

Published: 2022-09-21

Updated: 2023-05-16

Type: CWE-400

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM