CVE Vulnerability

CVE-2022-33993

Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://dnrd.sourceforge.net/ Product Third Party Advisory
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/08/14/1 Mailing List Third Party Advisory
https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:domain_name_relay_daemon_project:domain_name_relay_daemon:2.20.3:*:*:*:*:*:*:*
Information

Published : 2022-08-15 12:15

Updated : 2022-08-18 05:48

NVD link : CVE-2022-33993

Mitre link : CVE-2022-33993

Products Affected
No products.
CWE
NVD-CWE-noinfo