CVE-2022-33989

MEDIUM

dproxy-nexgen - Info Disclosure

Title source: llm

Description

dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.

References (3)

[Third Party Advisory] https://sourceforge.net/projects/dproxy/

[Third Party Advisory] https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner

[Exploit, Mailing List, Third Party Advisory] https://www.openwall.com/lists/oss-security/2022/08/14/3

Scores

CVSS v3 5.3

EPSS 0.0030

EPSS Percentile 53.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-331

Status published

Products (1)

dproxy-nexgen_project/dproxy-nexgen

Published Aug 15, 2022

Tracked Since Feb 18, 2026