Vulnerability Details : CVE-2022-2881
The underlying bug might cause a read past the end of the buffer, which either reads memory it should not read or crashes the process.
Products affected by CVE-2022-2881
- cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
Threat overview for CVE-2022-2881
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2022-2881: 18,127
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2022-2881
- 0.13%: probability of exploitation activity in the next 30 days
- ~48%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-2881
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H | 3.9 | 4.2 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H | 1.2 | 4.2 | Internet Systems Consortium (ISC) | |
CWE ids for CVE-2022-2881
- The product reads data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-2881
- https://security.gentoo.org/glsa/202210-25
  ISC BIND: Multiple Vulnerabilities (GLSA 202210-25) — Gentoo security (Third Party Advisory)
- https://kb.isc.org/docs/cve-2022-2881
  CVE-2022-2881: Buffer overread in statistics channel code (Patch; Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2022/09/21/3
  oss-security - ISC has disclosed six vulnerabilities in BIND (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178) (Mailing List; Patch; Third Party Advisory)