{"id":"CVE-2022-34294","details":"totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.","modified":"2026-05-18T05:53:55.787033148Z","published":"2022-08-15T11:53:52Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/34xxx/CVE-2022-34294.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Kaminsky/BlackHat-Japan-08-Kaminsky-DNS08-BlackOps.pdf"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2022/08/14/2"},{"type":"WEB","url":"https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/34xxx/CVE-2022-34294.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34294"},{"type":"PACKAGE","url":"https://github.com/fwdillema/totd"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fwdillema/totd","events":[{"introduced":"0"},{"last_affected":"c5df5768b32e3c55d72a1aba9959c970cd50885d"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.5.3"}],"cpe":"cpe:2.3:a:totd_project:totd:1.5.3:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["1.5.3-pre","1.5.3","1.5.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-34294.json"}}],"schema_version":"1.7.5"}