Lucene search

[email protected]NVD:CVE-2022-33991

HistoryAug 15, 2022 - 1:15 p.m.

CVE-2022-33991

2022-08-1513:15:19

CWE-290

[email protected]

web.nvd.nist.gov

cve-2022-33991

dnssec

upstream resolver

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

34.1%

JSON

dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers.

Affected configurations

Nvd

Node

dproxy-nexgen_projectdproxy-nexgenMatch-

VendorProductVersionCPE
dproxy-nexgen_projectdproxy-nexgen-cpe:2.3:a:dproxy-nexgen_project:dproxy-nexgen:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dproxy-nexgen_project	dproxy-nexgen	-	cpe:2.3:a:dproxy-nexgen_project:dproxy-nexgen:-:::::::*

References

sourceforge.net/projects/dproxy/

www.openwall.com/lists/oss-security/2022/08/14/3

www.usenix.org/conference/usenixsecurity22/presentation/jeitner

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

34.1%

JSON

Related for NVD:CVE-2022-33991

prion1 cvelist1 cve1