CVE-2022-33992 — HIGH (7.5)

Vulnerability Description

DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Domain Name Relay Daemon Project	Domain Name Relay Daemon	2.20.3

References

http://dnrd.sourceforge.net/ProductThird Party Advisory
https://www.openwall.com/lists/oss-security/2022/08/14/1Mailing ListThird Party Advisory
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitnerThird Party Advisory
http://dnrd.sourceforge.net/ProductThird Party Advisory
https://www.openwall.com/lists/oss-security/2022/08/14/1Mailing ListThird Party Advisory
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitnerThird Party Advisory

FAQ

What is CVE-2022-33992?

CVE-2022-33992 is a vulnerability with a CVSS score of 7.5 (HIGH). DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers...

How severe is CVE-2022-33992?

CVE-2022-33992 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-33992?

Check the references section above for vendor advisories and patch information. Affected products include: Domain Name Relay Daemon Project Domain Name Relay Daemon.