CVE-2022-33990

Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
dproxy-nexgen_projectdproxy-nexgen
-
𝑥
= Vulnerable software versions
References
https://sourceforge.net/projects/dproxy/
https://www.openwall.com/lists/oss-security/2022/08/14/3
https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
https://sourceforge.net/projects/dproxy/
https://www.openwall.com/lists/oss-security/2022/08/14/3
https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner