Vulnerability Details CVE-2022-33993
Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.7%
CVSS Severity
CVSS v3 Score 5.3
References
- http://dnrd.sourceforge.net/
- https://www.openwall.com/lists/oss-security/2022/08/14/1
- https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
- https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
- http://dnrd.sourceforge.net/
- https://www.openwall.com/lists/oss-security/2022/08/14/1
- https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
- https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
Products affected by CVE-2022-33993
-
cpe:2.3:a:domain_name_relay_daemon_project:domain_name_relay_daemon:2.20.3