Vulnerability in ISC BIND 9

CVE-2022-2906

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

EPSS: 0.009 (75.4th percentile)

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

  • ISC BIND 9: Open Source Branch 9.18, versions 9.18.0 up to but not including 9.18.7; Development Branch 9.19, versions 9.19.0 up to but not including 9.19.5

Frequently asked questions

What is CVE-2022-2906?
CVE-2022-2906 is a high-severity vulnerability in ISC BIND 9. CVSS score: 7.5/10. Published 2022-09-21.
How severe is CVE-2022-2906?
High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2022-2906 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.