CVE-2022-30295 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
uclibc	uclibc	𝑥 ≤ 0.9.33.2
uclibc-ng_project	uclibc-ng	𝑥 ≤ 1.0.40

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

uclibc

bookworm	unimportant
bullseye	unimportant
sid	unimportant
trixie	unimportant

Ubuntu Releases

Ubuntu Product

Codename

uclibc

bionic	dne
focal	dne
jammy	dne
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-330 - Use of Insufficiently Random Values
The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References

https://www.kb.cert.org/vuls/id/473698

https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/

https://www.kb.cert.org/vuls/id/473698

https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/