all InfoSec news
VU#473698: CVE-2022-30295 - uClibc, uClibc-ng Libraries Have Monotonically Increasing DNS Transaction ID
May 9, 2022, 6:58 p.m. |
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
The uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning due to the use of predicatble DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environment.
Description
The uClibc and the Uclibc-ng software are lightweight C standard libraries intended for use in embedded systems and mobile devices. The uClibc library has not been updated since May of 2012. The newer uClibc-ng is the currently maintained …
More from kb.cert.org / CERT Recently Published Vulnerability Notes
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
2 weeks, 5 days ago |
kb.cert.org
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Network AWS Cloud &Firewall Engineer
@ Arthur Grand Technologies Inc | Plano, TX, United States
Lead Consultant, Data Centre & BCP
@ Singtel | Singapore, Singapore
Protocol Security Engineer
@ Osmosis Labs | Remote
Technical Engineer - Payments Security Specialist
@ H&M Group | Bengaluru, India
Intern, Security Architecture
@ Sony | Work from Home-CA