CVE-2022-33992

EUVD-2022-37025
DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
domain_name_relay_daemon_projectdomain_name_relay_daemon
2.20.3
𝑥
= Vulnerable software versions
References
http://dnrd.sourceforge.net/
https://www.openwall.com/lists/oss-security/2022/08/14/1
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
http://dnrd.sourceforge.net/
https://www.openwall.com/lists/oss-security/2022/08/14/1
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner