Lucene search

[email protected]CVE-2022-33990

HistoryAug 15, 2022 - 1:15 p.m.

CVE-2022-33990

2022-08-1513:15:18

[email protected]

web.nvd.nist.gov

cve-2022-33990

dproxy-nexgen

dproxy nexgen

cache poisoning

domain name characters

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.2%

JSON

Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.

Affected configurations

NVD

Node

dproxy-nexgen_projectdproxy-nexgenMatch-

CPENameOperatorVersion
dproxy-nexgen_project:dproxy-nexgendproxy-nexgen project dproxy-nexgeneq-

CPE	Name	Operator	Version
dproxy-nexgen_project:dproxy-nexgen	dproxy-nexgen project dproxy-nexgen	eq	-

References

sourceforge.net/projects/dproxy/

www.openwall.com/lists/oss-security/2022/08/14/3

www.usenix.org/conference/usenixsecurity21/presentation/jeitner

www.usenix.org/conference/usenixsecurity22/presentation/jeitner

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.2%

JSON

Related for CVE-2022-33990

cvelist1 prion1 nvd1