CVE-2022-30258

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.
Configurations

Configuration 1 (hide)

cpe:2.3:a:technitium:dns_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:02

Type Values Removed Values Added
References () https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-81 - Release Notes, Third Party Advisory () https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#version-81 - Release Notes, Third Party Advisory

Information

Published : 2022-11-21 22:15

Updated : 2024-11-21 07:02


NVD link : CVE-2022-30258

Mitre link : CVE-2022-30258

CVE.ORG link : CVE-2022-30258


JSON object : View

Products Affected

technitium

  • dns_server
CWE
CWE-706

Use of Incorrectly-Resolved Name or Reference