PT-2022-20037 · Unknown+2 · Maradns Deadwood+2
Xiang Li
·
Published
2022-11-18
·
Updated
2025-04-29
·
CVE-2022-30256
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
MaraDNS Deadwood versions 3.5.0021 and earlier
Description
An issue in MaraDNS Deadwood allows variant V1 of unintended domain name resolution. This means a revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful because it conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.
Recommendations
For MaraDNS Deadwood versions 3.5.0021 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Maradns Deadwood
Ubuntu