CVE-2022-33991
MEDIUMdproxy-nexgen - DNSSEC Protection Bypass via CD Bit Spoofing
Title source: llmDescription
dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://sourceforge.net/projects/dproxy/
Third Party Advisory x_refsource_misc
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2022/08/14/3
Scores
CVSS v3
5.3
EPSS
0.0075
EPSS Percentile
50.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-290
Status
published
Products (1)
dproxy-nexgen_project/dproxy-nexgen
Published
Aug 15, 2022
Tracked Since
Feb 18, 2026