CVE-2022-33993

{"id": "CVE-2022-33993", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-08-15T12:15:19.200", "references": [{"url": "http://dnrd.sourceforge.net/", "tags": ["Product", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.openwall.com/lists/oss-security/2022/08/14/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://dnrd.sourceforge.net/", "tags": ["Product", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.openwall.com/lists/oss-security/2022/08/14/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form."}, {"lang": "es", "value": "Una interpretaci\u00f3n inapropiada de los caracteres especiales de los nombres de dominio en el DNRD (tambi\u00e9n se conoce Domain Name Relay Daemon) versi\u00f3n 2.20.3, conlleva a un envenenamiento de cach\u00e9 porque los nombres de dominio y sus direcciones IP asociadas son almacenados en la cach\u00e9 en su forma interpretada inapropiadamente."}], "lastModified": "2024-11-21T07:08:44.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:domain_name_relay_daemon_project:domain_name_relay_daemon:2.20.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2F2400F-840C-4734-8CD6-94A7C42F5751"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}