#VU72145 Predictable Exact Value from Previous Values in uClibC-ng - CVE-2022-30295


Vulnerability identifier: #VU72145

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-30295

CWE-ID: CWE-342

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
uClibC-ng
Universal components / Libraries / Libraries used by multiple products

Vendor: uclibc-ng.org

Description

The vulnerability allows a remote attacker to perform DNS cache poisoning.

The vulnerability exists due to software uses predictable DNS transaction IDs. A remote attacker can perform DNS cache poisoning.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

uClibC-ng: 1.0.0 - 1.0.40

External links
https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/
https://www.kb.cert.org/vuls/id/473698

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


DNS cache poisoning in uClibc
Multiple vulnerabilities in uClibC-ng