CVE-2022-33993 (GCVE-0-2022-33993)

Vulnerability from cvelistv5 – Published: 2022-08-15 11:45 – Updated: 2024-08-03 08:16
VLAI?
Summary
Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:16:16.573Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dnrd.sourceforge.net/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/08/14/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-15T11:45:47.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dnrd.sourceforge.net/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2022/08/14/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-33993",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner",
              "refsource": "MISC",
              "url": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner"
            },
            {
              "name": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner",
              "refsource": "MISC",
              "url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
            },
            {
              "name": "http://dnrd.sourceforge.net/",
              "refsource": "MISC",
              "url": "http://dnrd.sourceforge.net/"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2022/08/14/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2022/08/14/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-33993",
    "datePublished": "2022-08-15T11:45:47.000Z",
    "dateReserved": "2022-06-18T00:00:00.000Z",
    "dateUpdated": "2024-08-03T08:16:16.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-33993",
      "date": "2026-04-26",
      "epss": "0.00301",
      "percentile": "0.53419"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:domain_name_relay_daemon_project:domain_name_relay_daemon:2.20.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2F2400F-840C-4734-8CD6-94A7C42F5751\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.\"}, {\"lang\": \"es\", \"value\": \"Una interpretaci\\u00f3n inapropiada de los caracteres especiales de los nombres de dominio en el DNRD (tambi\\u00e9n se conoce Domain Name Relay Daemon) versi\\u00f3n 2.20.3, conlleva a un envenenamiento de cach\\u00e9 porque los nombres de dominio y sus direcciones IP asociadas son almacenados en la cach\\u00e9 en su forma interpretada inapropiadamente.\"}]",
      "id": "CVE-2022-33993",
      "lastModified": "2024-11-21T07:08:44.603",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2022-08-15T12:15:19.200",
      "references": "[{\"url\": \"http://dnrd.sourceforge.net/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\", \"Third Party Advisory\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2022/08/14/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://dnrd.sourceforge.net/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\", \"Third Party Advisory\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2022/08/14/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-33993\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-08-15T12:15:19.200\",\"lastModified\":\"2024-11-21T07:08:44.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.\"},{\"lang\":\"es\",\"value\":\"Una interpretaci\u00f3n inapropiada de los caracteres especiales de los nombres de dominio en el DNRD (tambi\u00e9n se conoce Domain Name Relay Daemon) versi\u00f3n 2.20.3, conlleva a un envenenamiento de cach\u00e9 porque los nombres de dominio y sus direcciones IP asociadas son almacenados en la cach\u00e9 en su forma interpretada inapropiadamente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:domain_name_relay_daemon_project:domain_name_relay_daemon:2.20.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2F2400F-840C-4734-8CD6-94A7C42F5751\"}]}]}],\"references\":[{\"url\":\"http://dnrd.sourceforge.net/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2022/08/14/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://dnrd.sourceforge.net/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2022/08/14/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.