Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by totd_project
CVE-2022-34294 (GCVE-0-2022-34294)
Vulnerability from cvelistv5 – Published: 2022-08-15 11:53 – Updated: 2024-08-03 09:07
VLAI
Summary
totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.usenix.org/conference/usenixsecurity2… | x_refsource_MISC |
| https://github.com/fwdillema/totd | x_refsource_MISC |
| https://www.blackhat.com/presentations/bh-jp-08/b… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2022/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fwdillema/totd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Kaminsky/BlackHat-Japan-08-Kaminsky-DNS08-BlackOps.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/08/14/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T11:53:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fwdillema/totd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Kaminsky/BlackHat-Japan-08-Kaminsky-DNS08-BlackOps.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2022/08/14/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner",
"refsource": "MISC",
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"name": "https://github.com/fwdillema/totd",
"refsource": "MISC",
"url": "https://github.com/fwdillema/totd"
},
{
"name": "https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Kaminsky/BlackHat-Japan-08-Kaminsky-DNS08-BlackOps.pdf",
"refsource": "MISC",
"url": "https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Kaminsky/BlackHat-Japan-08-Kaminsky-DNS08-BlackOps.pdf"
},
{
"name": "https://www.openwall.com/lists/oss-security/2022/08/14/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/08/14/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34294",
"datePublished": "2022-08-15T11:53:52.000Z",
"dateReserved": "2022-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:07:16.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34295 (GCVE-0-2022-34295)
Vulnerability from cvelistv5 – Published: 2022-06-22 14:46 – Updated: 2024-08-03 09:07
VLAI
Summary
totd before 1.5.3 does not properly randomize mesg IDs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.usenix.org/conference/usenixsecurity2… | x_refsource_MISC |
| http://www.hit.bme.hu/~lencse/publications/JCST-A… | x_refsource_MISC |
| https://github.com/fwdillema/totd/commit/afd8a10a… | x_refsource_MISC |
| https://github.com/fwdillema/totd/releases/tag/1.5.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:15.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fwdillema/totd/releases/tag/1.5.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "totd before 1.5.3 does not properly randomize mesg IDs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-22T14:46:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fwdillema/totd/releases/tag/1.5.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "totd before 1.5.3 does not properly randomize mesg IDs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner",
"refsource": "MISC",
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"name": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf",
"refsource": "MISC",
"url": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf"
},
{
"name": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399",
"refsource": "MISC",
"url": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399"
},
{
"name": "https://github.com/fwdillema/totd/releases/tag/1.5.3",
"refsource": "MISC",
"url": "https://github.com/fwdillema/totd/releases/tag/1.5.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34295",
"datePublished": "2022-06-22T14:46:35.000Z",
"dateReserved": "2022-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:07:15.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}