Main Vulnerability Database Vulnerabilities #VU66538

Input validation error in dproxy - CVE-2022-33990

Published: August 16, 2022

Vulnerability identifier: #VU66538

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-33990

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
dproxy

Software vendor:
dproxy

Description

The vulnerability allows a remote attacker to perform DNS cache poisoning attacks.

The vulnerability exists due to insufficient validation of special domain name characters. A remote attacker can send specially crafted input to the application and perform DNS cache poisoning attacks.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
https://www.openwall.com/lists/oss-security/2022/08/14/3

Input validation error in dproxy - CVE-2022-33990

Description

Remediation

External links

Please verify you're human