PT-2022-21955 · Dnrd · Dnrd

Haya Shulman

Published

2022-08-15

Updated

2022-08-18

CVE-2022-33993

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions DNRD (aka Domain Name Relay Daemon) version 2.20.3

Description The issue arises from the misinterpretation of special domain name characters, leading to cache poisoning. This occurs because domain names and their associated IP addresses are cached in their misinterpreted form.

Recommendations For DNRD (aka Domain Name Relay Daemon) version 2.20.3, consider disabling the caching functionality until a patch is available to prevent cache poisoning. Restrict access to the domain name resolution service to minimize the risk of exploitation. Avoid using special domain name characters in the affected DNRD version until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-33993

Affected Products

Dnrd

PT-2022-21955 · Dnrd · Dnrd

CVE-2022-33993

Related Identifiers

Affected Products

References · 7