CVE-2022-33990

Опубликовано: 15 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.

Ссылки

https://sourceforge.net/projects/dproxy/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/08/14/3
Exploit
Mailing List
Third Party Advisory
https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
Third Party Advisory
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
Third Party Advisory
https://sourceforge.net/projects/dproxy/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/08/14/3
Exploit
Mailing List
Third Party Advisory
https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
Third Party Advisory
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dproxy-nexgen_project:dproxy-nexgen:-:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00285

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-c375-69pm-xxh6