Main Vulnerability Database Vulnerabilities #VU66547

#VU66547 Predictable from Observable State in Unbound - CVE-2022-30699

Published: August 16, 2022

Vulnerability identifier: #VU66547

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-30699

CWE-ID: CWE-341

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Unbound

Software vendor:
NLnet Labs

Description

The vulnerability allows a remote attacker to poison DNS cache.

The vulnerability exists due to the way Unbound handles delegation information expiration event. A remote attacker who controls a rouge DNS server can force the Unbound instance to cache incorrect information about domain delegation and permanently poison the DNS cache, e.g. perform the "ghost domain names" attack.

The attack is perform when Unbound is queried for a rogue domain name, which cached delegation information is about to expire. The rogue nameserver delays the response until the cached delegation information expires. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries.

Remediation

Install updates from vendor's website.

#VU66547 Predictable from Observable State in Unbound - CVE-2022-30699

Description

Remediation

External links

Please verify you're human