Bug 1204615 (CVE-2022-3638)

Summary: VUL-0: CVE-2022-3638: nginx: memory leak for the "ipv4=off" case
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Leroy <thomas.leroy>
Component: Incidents
Assignee: Felix Schnizlein <fschnizlein>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/345993/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Thomas Leroy 2022-10-24 07:30:15 UTC
CVE-2022-3638

A vulnerability was found in Nginx and classified as problematic. This issue
affects some unknown processing of the file ngx_resolver.c of the component IPv4
Off Handler. The manipulation leads to memory leak. The attack may be initiated
remotely. It is recommended to apply a patch to fix this issue. The identifier
VDB-211937 was assigned to this vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3638
https://github.com/nginx/nginx/commit/14341ce2377d38a268261e0fec65b6915ae6e95e
https://www.cve.org/CVERecord?id=CVE-2022-3638
https://vuldb.com/?id.211937
http://hg.nginx.org/nginx/rev/0422365794f7

Comment 1 Thomas Leroy 2022-10-24 07:31:18 UTC
The commit introducing the leak is very recent and not shipped in our codestreams. Not affected, closing.