CVE-2022-2906
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.86%
Description
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
How to fix CVE-2022-2906
To remediate CVE-2022-2906, upgrade the affected package to one of the fixed versions listed below.
- Alpine/bind—upgrade to 9.16.33-r0 or later
- —upgrade to 1:9.18.7-1 or later
Is CVE-2022-2906 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 9.16.33-r0
- from 0, < 1:9.18.7-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |