uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2.
References
Link | Resource |
---|---|
https://www.kb.cert.org/vuls/id/473698 | Third Party Advisory US Government Resource |
https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-05-06T04:43:47
Updated: 2022-05-09T20:06:14
Reserved: 2022-05-06T00:00:00
Link: CVE-2022-30295
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-06T05:15:07.213
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-30295
JSON object: View
Redhat Information
No data.
CWE