PT-2022-15706 · Pypi · Dnslib

Daniel4X

Published

2022-01-09

Updated

2022-01-18

CVE-2022-22846

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions dnslib versions 0.9.16 and earlier

Description The issue concerns the dnslib package for Python, which fails to verify that the ID value in a DNS reply matches an ID value in a query. This lack of verification can lead to potential security issues.

Recommendations For versions 0.9.16 and earlier, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

CVE-2022-22846

GHSA-R478-C2PC-M7GX

PYSEC-2022-4

Affected Products

Dnslib

PT-2022-15706 · Pypi · Dnslib

CVE-2022-22846

Weakness Enumeration

Related Identifiers

Affected Products

References · 15