CRITICAL🇬🇧 English

CVE-2022-30258

CVSS 9.8v3.1pub. 2022-11-21upd. 2025-04-30

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Technitium Dns Server

    APP
    Technitium
    ≤ 8.0.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-30257CRITICAL9.8ten sam produkt

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain nam...

CVE-2022-48256HIGH7.5ten sam produkt

Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an...

CVE-2021-43105MEDIUM4.3ten sam produkt

A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 exists that allows specifi...

CVE-2026-42255HIGH7.2ten sam vendor

Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.

CVE-2025-50334HIGH7.5ten sam vendor

An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-li...

CVE-2022-30258 — CRITICAL 9.8 | CVEbaza.pl