QSAN Responds to CVE-2022-38177_38178_2906_3080 ISC BIND

October 04, 2022

None of QSAN's products are affected by CVE-2022-2906 as this vulnerability only affects ISC BIND 9.18.0 and later.
None of QSAN's products are affected by CVE-2022-3080, CVE-2022-38177, or CVE-2022-38178 as these vulnerabilities only apply when specific features are enabled.

Applied to

Product | Severity | Fixed Release Availability
QSM | Not Affected | N/A
XEVO | Not Affected | N/A
SANOS | Not Affected | N/A

Mitigation

None

Detail

  • CVE-2022-38177

    • Severity: Not affected

    • CVSS3 Base Score: 0.0

    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

    • By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

  • CVE-2022-38178

    • Severity: Not affected

    • CVSS3 Base Score: 0.0

    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

    • By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

  • CVE-2022-2906

    • Severity: Not affected

    • CVSS3 Base Score: 0.0

    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

    • An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

  • CVE-2022-3080

Reference