CVE-2022-2906: 
NixOS vulnerability analysis and mitigation

CVE-2022-2906 is a vulnerability discovered in ISC BIND software that was disclosed on September 21, 2022. The vulnerability affects BIND versions from 9.18.0 to 9.18.7 and 9.19.0 to 9.19.5, specifically in the code handling Diffie-Hellman key exchange via TKEY RRs when using OpenSSL 3.0.0 or later (ISC Advisory, OSS Security).

The vulnerability is classified as a memory leak issue (CWE-401: Missing Release of Memory after Effective Lifetime) in the code handling Diffie-Hellman key exchange via TKEY RRs. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability allows an attacker to gradually erode available memory to the point where the named service crashes due to lack of resources. While the service can be restored through a restart, the potential for denial of service remains (NVD).

The vulnerability has been fixed in BIND versions 9.18.7 and later. System administrators are advised to upgrade to the patched versions. The fix was implemented through a commit in the BIND codebase (Debian Tracker, ISC Advisory).