2 matches found
CVE-2022-34294
totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks...
CVE-2022-34294
The CVE-2022-34294 entry concerns totd 1.5.3, a small DNS proxy nameserver. The issue is that upstream DNS queries use a fixed UDP source port, providing insufficient entropy and enabling DNS cache poisoning. Affected component: totd 1.5.3. Root cause: fixed UDP source port in upstream queries to...