CNAME Loop Denial-of-Service in Technitium DNS Server
CVE-2022-48256

7.5HIGH

Key Information:

Vendor: Technitium
Status: Dns Server
Vendor: CVE Published:; 13 January 2023

What is CVE-2022-48256?

The Technitium DNS Server prior to version 10.0 is susceptible to a denial-of-service condition due to a self-CNAME vulnerability. This issue allows an attacker to create a CNAME loop, resulting in an excessively large DNS response containing hundreds of records. This can overwhelm DNS servers and disrupt normal service, posing significant risks to network integrity and performance.

References

https://github.com/TechnitiumSoftware/DnsServer/blob/mast...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2023
Vulnerability Reserved
Jan 13, 2023

CVE-2022-48256 Data

JSON