CVE-2022-23748

HIGH KEV

mDNSResponder.exe - DLL Sideloading

Title source: llm

Description

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.

References (3)

[Broken Link] https://cpr-zero.checkpoint.com/vulns/cprid-2193/%2C

[Vendor Advisory] https://www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23748

Scores

CVSS v3 7.8

EPSS 0.1174

EPSS Percentile 93.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-02-06

VulnCheck KEV 2023-10-11

ENISA EUVD EUVD-2022-28684

CWE

CWE-114 CWE-426

Status published

Products (1)

audinate/dante_application_library < 1.2.0

Published Nov 17, 2022

KEV Added Feb 06, 2025

Tracked Since Feb 18, 2026