Alpine: bind: security update to 9.16.33-r0

medium Tenable Cloud Security Plugin ID 403666

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- The underlying bug might cause read past end of the buffer and either read memory it should not read, or
crash the process. (CVE-2022-2881)

- By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the
resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
(CVE-2022-2795)

- An attacker can leverage this flaw to gradually erode available memory to the point where named crashes
for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the
potential to deny service. (CVE-2022-2906)

- By sending specific queries to the resolver, an attacker can cause named to crash. (CVE-2022-3080)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-2795

https://security.alpinelinux.org/vuln/CVE-2022-2881

https://security.alpinelinux.org/vuln/CVE-2022-2906

https://security.alpinelinux.org/vuln/CVE-2022-3080

https://security.alpinelinux.org/vuln/CVE-2022-38177

https://security.alpinelinux.org/vuln/CVE-2022-38178

Plugin Details

Severity: Medium

ID: 403666

Version: Revision 1.40

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5

Percentile: 94.66

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C

CVSS Score Source: CVE-2022-2881

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 6.3

Threat Score: 1.7

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2022-2795

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/21/2022

Reference Information

CVE: CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178

IAVA: 2022-A-0387-S, 2023-A-0500-S