3 matches found
lwIP TCP/IP Stack DNS Resolver <= 1.4.1 Cache-Poisoning Attack Vulnerability
The lwIP TCP/IP Stack DNS Resolver is vulnerable against a cache-poisoning attack. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
CVE-2014-4883
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...
CVE-2014-4883
CVE-2014-4883 affects the DNS resolver code paths in uIP and lwIP (resolv.c/dns.c for lwIP