Vulnerability Description
Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Domain Name Relay Daemon Project | Domain Name Relay Daemon | 2.20.3 |
References
- http://dnrd.sourceforge.net/ProductThird Party Advisory
- https://www.openwall.com/lists/oss-security/2022/08/14/1Mailing ListThird Party Advisory
- https://www.usenix.org/conference/usenixsecurity21/presentation/jeitnerThird Party Advisory
- https://www.usenix.org/conference/usenixsecurity22/presentation/jeitnerThird Party Advisory
- http://dnrd.sourceforge.net/ProductThird Party Advisory
- https://www.openwall.com/lists/oss-security/2022/08/14/1Mailing ListThird Party Advisory
- https://www.usenix.org/conference/usenixsecurity21/presentation/jeitnerThird Party Advisory
- https://www.usenix.org/conference/usenixsecurity22/presentation/jeitnerThird Party Advisory
FAQ
What is CVE-2022-33993?
CVE-2022-33993 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their mi...
How severe is CVE-2022-33993?
CVE-2022-33993 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-33993?
Check the references section above for vendor advisories and patch information. Affected products include: Domain Name Relay Daemon Project Domain Name Relay Daemon.