Domain Name Resolution Vulnerability in MaraDNS Deadwood Product
CVE-2022-30256

7.5HIGH

Key Information:

Vendor: Maradns
Status: Maradns
Vendor: CVE Published:; 19 November 2022

What is CVE-2022-30256?

A flaw has been identified in the MaraDNS Deadwood version 3.5.0021 that permits unintended resolution of domain names. This vulnerability allows previously revoked domain names—such as expired or malicious domains—to remain resolvable for extended periods. The potential for exploitation is significant, as it aligns with established DNS protocols and can bypass existing mitigation strategies aimed at handling 'Ghost' domains. This issue poses serious operational risks due to the issuance of false domain name responses.

References

https://maradns.samiam.org/

https://maradns.samiam.org/security.html#CVE-2022-30256

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2022
Vulnerability Reserved
May 4, 2022

CVE-2022-30256 Data

JSON

Maradns

What is CVE-2022-30256?

References

CVSS V3.1

Timeline