Executive Summary

Informations
Name CVE-2022-30699 First vendor Publication 2022-08-01
Vendor Cve Last vendor Modification 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Overall CVSS Score 6.5
Base Score 6.5 Environmental Score 6.5
impact SubScore 3.6 Temporal Score 6.5
Exploitabality Sub Score 2.8
 
Attack Vector Network Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact None Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30699

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-613 Insufficient Session Expiration

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 38
Os 2

Sources (Detail)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
Source Url
CONFIRM https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
GENTOO https://security.gentoo.org/glsa/202212-02
MLIST https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2023-11-07 21:31:50
  • Multiple Updates
2023-03-29 21:27:30
  • Multiple Updates
2023-02-23 09:27:29
  • Multiple Updates
2022-12-19 09:27:27
  • Multiple Updates
2022-10-29 09:27:31
  • Multiple Updates
2022-08-25 17:27:20
  • Multiple Updates
2022-08-12 21:27:22
  • Multiple Updates
2022-08-08 21:27:14
  • Multiple Updates
2022-08-01 21:34:53
  • Multiple Updates
2022-08-01 21:27:11
  • First insertion