2 matches found
CVE-2022-33989
dproxy-nexgen aka dproxy nexgen uses a static UDP source port selected randomly only at boot time in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks...
CVE-2022-33989
CVE-2022-33989 concerns dproxy-nexgen (dproxy nexgen), which uses a static UDP source port that is chosen randomly only at boot for upstream DNS queries. The limited entropy enables DNS cache poisoning since traffic injection becomes easier without a fresh, per-query port randomization. Connected...