Home > Vulnerability Database > CVE-2022-30256

Mend.io Vulnerability Database

CVE-2022-30256

Good to know:

Date: November 17, 2022

An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.

Language: C

Severity Score

7.5

Related Resources (11)

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3VSMLJX25MXGQ6A7UPOGK7VPUVDESPHL/

Url: https://lists.debian.org/debian-lts-announce/2023/06/msg00019.html

Url: https://maradns.samiam.org/security.html#CVE-2022-30256

Url: https://www.debian.org/security/2023/dsa-5441

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-30256

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NB7LDZM5AGWC5BHHQHW6CP5OFNBBKFOQ/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VSMLJX25MXGQ6A7UPOGK7VPUVDESPHL/

Url: https://maradns.samiam.org/

Url: https://security-tracker.debian.org/tracker/CVE-2022-30256

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB7LDZM5AGWC5BHHQHW6CP5OFNBBKFOQ/

Url: https://www.mend.io/vulnerability-database/CVE-2022-30256

Severity Score

7.5

Weakness Type (CWE)

Operation on a Resource after Expiration or Release

CWE-672

Top Fix

Upgrade Version

Upgrade to version 3.5.0022,coLunacyDNS-1.0.012

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-30256

Good to know:

Date: November 17, 2022

Language: C

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?