{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/473698#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nThe uClibc and uClibc-ng libraries, prior to uClibc-ng 1.0.41, are vulnerable to DNS cache poisoning due to the use of predicatble DNS transaction IDs when making DNS requests.  This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environment.\r\n\r\n### Description\r\nThe uClibc and the Uclibc-ng software are lightweight C standard libraries intended for use in embedded systems and mobile devices. The [uClibc](https://uclibc.org/) library has not been updated since May of 2012.  The newer  [uClibc-ng ](https://uclibc-ng.org/)is the currently maintained fork of uClibc, as announced on the OpenWRT mailing list in July 2014. \r\n\r\nResearchers at the Nozomi Networks Security Research Team discovered that all existing versions of uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning.  These libraries do not employ any randomization in the DNS Transaction ID (DNS TXID) field when creating a new DNS request.  This can allow an attacker to send maliciously crafted DNS packets to corrupt the DNS cache with invalid entries and redirect users to arbitrary sites.  As uClibc and uClibc-ng are used in devices such as home routers and firewalls, an attacker can perform attacks against multiple users in a shared network environment that relies on DNS responses from the vulnerable device. \r\n\r\nThe DNS cache poisoning scenarios and defenses are discussed in [IETF RFC5452](https://tools.ietf.org/html/rfc5452).   \r\n\r\n### Impact\r\nThe lack of DNS response validation can allow an attacker to use unsolicited DNS responses to poison the DNS cache and redirect users to malicious sites.\r\n\r\n### Solution\r\n\r\n#### Apply a patch\r\nIf your vendor has developed a patched version of uClibc or uClibc-ng to address this issue, apply the updates provided by your vendor. [uClibc-ng was updated to 1.0.41](https://mailman.openadk.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/thread/KZD3HQ3MUT63JC3STZ6IH7E7RGQSOV75/) on 05/20/2022.\r\n\r\n#### Product Developers\r\nIf you have a forked or customized version of uClibc or uClibc-ng, develop or adopt a patch to ensure the `dns_lookup` function provides adequate randomization of DNS TXID's while making DNS requests. Review and consider applying the patch has been made available in [patchwork repository](https://patchwork.ozlabs.org/project/uclibc-ng/list/?state=new) of uClibc-ng with VU#638879 tag.\r\n\r\n#### Follow security best practices \r\nConsider the following security best-practices to protect DNS infrastructure:\r\n\r\n*     Prevent direct exposure of IoT devices and lightweight devices over the Internet to minimize attacks against a caching DNS server.\r\n*     Provide secure DNS recursion service with features such as DNSSEC validation and the interim [0x20-bit encoding](https://astrolavos.gatech.edu/articles/increased_dns_resistance.pdf) as part of enterprise DNS recursion services where applicable.\r\n*     Implement a [Secure By Default ](https://en.wikipedia.org/wiki/Secure_by_default) configuration suitable for your operating environment (e.g., disable caching on embedded IoT devices when an upstream caching resolver is available).\r\n\r\n\r\n### Acknowledgements\r\nThanks to the Nozomi Networks Security Research Team for this [report](https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/)\r\n\r\nThis document was written by Vijay Sarvepalli and Timur Snoke.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"},{"category":"other","text":"All DNS requests made by userland apps go through a DNS caching resolver before beeing sent to the Internet. The DNS caching resolver implements a transaction-ID/source port randomization that is indepent from what was generated by a userland program (whatever c-library it used).","title":"Vendor statment from AVM GmbH"},{"category":"other","text":"OpenWrt 19.07 is using uClibc-ng only on Synopsys ARC CPUs, all other targets are using musl libc by default. musl libc and glibc are not affected by this problem.\r\nOpenWrt 21.02 and later are not using uClibc-ng or uClibc at all. These versions are not affected by the problem. Synopsys ARC CPUs switched to glibc in OpenWrt 21.02.\r\n\r\nOpenWrt 19.07 is end of life since March 2022 and we will not fix this problem in OpenWrt 19.07 or any other version.","title":"Vendor statment from OpenWRT"},{"category":"other","text":"No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.","title":"Vendor statment from Brocade Communication Systems"},{"category":"other","text":"I confirmed the use of uClibc to all robot software group.\r\nThere is no use of it in FANUC Robot Controller","title":"Vendor statment from Fanuc America"},{"category":"other","text":"SUSE is not shipping uClibc in any of its current products at this time.","title":"Vendor statment from SUSE Linux"},{"category":"other","text":"Based on our investigation we confirm that there are no platforms/products which are affected from these vulnerabilities.\r\n\r\nSecurity Incident Response Team\r\nJuniper Networks","title":"Vendor statment from Juniper Networks"},{"category":"other","text":"Dear all,\r\n\r\nMoxa is investigating the vulnerability and has determined that none of our products are currently affected. Thank you for the information and notification.\r\n\r\nSincerely,\r\nMoxa PSIRT","title":"Vendor statment from Moxa"},{"category":"other","text":"uCLibc was removed from the Ubuntu archives in 2011, and uClibc-ng has never been included in Ubuntu.","title":"Vendor statment from Ubuntu"},{"category":"other","text":"Our products use Glibc instead of UClibc.","title":"Vendor statment from Actiontec"},{"category":"other","text":"Muonics does not use uClibc or uClibc-ng libraries in any of its products and thus this vulnerability is not applicable.","title":"Vendor statment from Muonics Inc."},{"category":"other","text":"SmartOS (an illumos distribution) is not affected by this issue, nor is our Triton cloud management system.","title":"Vendor statment from Joyent"},{"category":"other","text":"RTI products don't use uClibc or uClibc-ng libraries.","title":"Vendor statment from Real-Time Innovations (RTI)"},{"category":"other","text":"To the knowledge of our development team, we are not at risk or do not use the afore mentioned components that would create the vulnerability.","title":"Vendor statment from Fuji_Electric_Hakko_Electric"},{"category":"other","text":"I have checked our SBOM library and we are not vulnerable to this.","title":"Vendor statment from Rockwell Automation"},{"category":"other","text":"No use of uClibc and uClibc-ng in our products.","title":"Vendor statment from Peplink"},{"category":"other","text":"MikroTik RouterOS v7.x.x does not use uClibc","title":"Vendor statment from MikroTik"},{"category":"other","text":"HardenedBSD supports neither uClibc nor uClibc-ng.","title":"Vendor statment from HardenedBSD"},{"category":"other","text":"F5 does not use uClibc or uClibc-ng in any products.","title":"Vendor statment from F5 Networks"},{"category":"other","text":"We have two active devices using uClibc AND susceptible to this based on version:\r\nConnectCore 9P 9215\r\n\r\nConnectME 9210\r\nWe will patch once it is available.","title":"Vendor statment from Digi International"},{"category":"other","text":"This code is not in our RTOS","title":"Vendor statment from eCosCentric"},{"category":"other","text":"uClibc is not in base illumos.  Distributions, however, may use them, but a quick survey suggests not in mandatory distribution software.","title":"Vendor statment from Illumos"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/473698"},{"url":"https://uclibc.org/","summary":"https://uclibc.org/"},{"url":"https://uclibc-ng.org/","summary":"https://uclibc-ng.org/"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30295","summary":"https://nvd.nist.gov/vuln/detail/CVE-2022-30295"},{"url":"https://tools.ietf.org/html/rfc5452","summary":"https://tools.ietf.org/html/rfc5452"},{"url":"https://astrolavos.gatech.edu/articles/increased_dns_resistance.pdf","summary":"https://astrolavos.gatech.edu/articles/increased_dns_resistance.pdf"},{"url":"https://en.wikipedia.org/wiki/Secure_by_default","summary":"https://en.wikipedia.org/wiki/Secure_by_default"},{"url":"https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/","summary":"https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/"},{"url":"https://www.kb.cert.org/vuls/id/800113","summary":"https://www.kb.cert.org/vuls/id/800113"},{"url":"https://www.kb.cert.org/vuls/id/484649","summary":"https://www.kb.cert.org/vuls/id/484649"},{"url":"https://www.kb.cert.org/vuls/id/927905","summary":"https://www.kb.cert.org/vuls/id/927905"},{"url":"https://patchwork.ozlabs.org/project/uclibc-ng/list/?state=new","summary":"https://patchwork.ozlabs.org/project/uclibc-ng/list/?state=new"},{"url":"https://mailman.openadk.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/thread/KZD3HQ3MUT63JC3STZ6IH7E7RGQSOV75/","summary":"https://mailman.openadk.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/thread/KZD3HQ3MUT63JC3STZ6IH7E7RGQSOV75/"}],"title":"uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID","tracking":{"current_release_date":"2023-04-04T14:18:35+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#473698","initial_release_date":"2022-05-02 00:00:00+00:00","revision_history":[{"date":"2023-04-04T14:18:35+00:00","number":"1.20230404141835.15","summary":"Released on 2023-04-04T14:18:35+00:00"}],"status":"final","version":"1.20230404141835.15"}},"vulnerabilities":[{"title":"The uClibc and uClibc-ng libraries generate DNS requests with incremental transaction IDs, while, at the same time, not enforcing any explicit port randomization techniques during the network connection.","notes":[{"category":"summary","text":"The uClibc and uClibc-ng libraries generate DNS requests with incremental transaction IDs, while, at the same time, not enforcing any explicit port randomization techniques during the network connection. This results in the possibility for an attacker to perform DNS Cache Poisoning attacks against all devices which do not implement additional mitigations at operating system level and/or other layers."}],"cve":"CVE-2022-30295","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#473698"}],"product_status":{"known_affected":["CSAFPID-71a7bcec-3a3d-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-719d9e74-3a3d-11f1-8422-122e2785dc9f","CSAFPID-719de7c6-3a3d-11f1-8422-122e2785dc9f","CSAFPID-719e1d18-3a3d-11f1-8422-122e2785dc9f","CSAFPID-719ebdcc-3a3d-11f1-8422-122e2785dc9f","CSAFPID-719f52be-3a3d-11f1-8422-122e2785dc9f","CSAFPID-719f87b6-3a3d-11f1-8422-122e2785dc9f","CSAFPID-719fc398-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a011cc-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a06b4a-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a0a448-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a0f858-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a13142-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a1628e-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a1a366-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a1ecd6-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a228c2-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a2725a-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a2c674-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a359c2-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a38c4e-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a3b5fc-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a44b16-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a48d74-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a4c06e-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a4ef94-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a5354e-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a571bc-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a5a394-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a5e78c-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a61ac2-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a68d04-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a6b360-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a6fa3c-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a72d4a-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a7536a-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a78560-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a7e83e-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a84cfc-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a89590-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a8e658-3a3d-11f1-8422-122e2785dc9f","CSAFPID-71a92e4c-3a3d-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"F5 Networks","product":{"name":"F5 Networks Products","product_id":"CSAFPID-719d9e74-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Juniper Networks","product":{"name":"Juniper Networks Products","product_id":"CSAFPID-719de7c6-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Ubuntu","product":{"name":"Ubuntu Products","product_id":"CSAFPID-719e1d18-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Nokia","product":{"name":"Nokia Products","product_id":"CSAFPID-719e44dc-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Cisco","product":{"name":"Cisco Products","product_id":"CSAFPID-719e75f6-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-719ebdcc-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Hewlett Packard Enterprise","product":{"name":"Hewlett Packard Enterprise Products","product_id":"CSAFPID-719f0502-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Joyent","product":{"name":"Joyent Products","product_id":"CSAFPID-719f52be-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Triangle Microworks","product":{"name":"Triangle Microworks Products","product_id":"CSAFPID-719f87b6-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Wind River","product":{"name":"Wind River Products","product_id":"CSAFPID-719fc398-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Synology","product":{"name":"Synology Products","product_id":"CSAFPID-71a011cc-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Treck","product":{"name":"Treck Products","product_id":"CSAFPID-71a06b4a-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Moxa","product":{"name":"Moxa Products","product_id":"CSAFPID-71a0a448-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fanuc America","product":{"name":"Fanuc America Products","product_id":"CSAFPID-71a0f858-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Real-Time Innovations (RTI)","product":{"name":"Real-Time Innovations (RTI) Products","product_id":"CSAFPID-71a13142-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fuji_Electric_Hakko_Electric","product":{"name":"Fuji_Electric_Hakko_Electric Products","product_id":"CSAFPID-71a1628e-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Rockwell Automation","product":{"name":"Rockwell Automation Products","product_id":"CSAFPID-71a1a366-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Iconics Inc.","product":{"name":"Iconics Inc. Products","product_id":"CSAFPID-71a1ecd6-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Peplink","product":{"name":"Peplink Products","product_id":"CSAFPID-71a228c2-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Crestron Electronics","product":{"name":"Crestron Electronics Products","product_id":"CSAFPID-71a2725a-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Aveva","product":{"name":"Aveva Products","product_id":"CSAFPID-71a2c674-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"MikroTik","product":{"name":"MikroTik Products","product_id":"CSAFPID-71a31386-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"BOSCH","product":{"name":"BOSCH Products","product_id":"CSAFPID-71a359c2-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Abbott Labs","product":{"name":"Abbott Labs Products","product_id":"CSAFPID-71a38c4e-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"B. Braun","product":{"name":"B. Braun Products","product_id":"CSAFPID-71a3b5fc-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Analog Devices Inc.","product":{"name":"Analog Devices Inc. Products","product_id":"CSAFPID-71a3f33c-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"pfSense","product":{"name":"pfSense Products","product_id":"CSAFPID-71a44b16-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"OpenWRT","product":{"name":"OpenWRT Products","product_id":"CSAFPID-71a48d74-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"HardenedBSD","product":{"name":"HardenedBSD Products","product_id":"CSAFPID-71a4c06e-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Dell SecureWorks","product":{"name":"Dell SecureWorks Products","product_id":"CSAFPID-71a4ef94-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Actiontec","product":{"name":"Actiontec Products","product_id":"CSAFPID-71a5354e-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Advantech Czech","product":{"name":"Advantech Czech Products","product_id":"CSAFPID-71a571bc-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Check Point","product":{"name":"Check Point Products","product_id":"CSAFPID-71a5a394-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"McAfee","product":{"name":"McAfee Products","product_id":"CSAFPID-71a5e78c-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Sierra Wireless","product":{"name":"Sierra Wireless Products","product_id":"CSAFPID-71a61ac2-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"CA Technologies","product":{"name":"CA Technologies Products","product_id":"CSAFPID-71a65a6e-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Aruba Networks","product":{"name":"Aruba Networks Products","product_id":"CSAFPID-71a68d04-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Paessler","product":{"name":"Paessler Products","product_id":"CSAFPID-71a6b360-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"lwIP","product":{"name":"lwIP Products","product_id":"CSAFPID-71a6fa3c-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Muonics Inc.","product":{"name":"Muonics Inc. Products","product_id":"CSAFPID-71a72d4a-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Miredo","product":{"name":"Miredo Products","product_id":"CSAFPID-71a7536a-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Google","product":{"name":"Google Products","product_id":"CSAFPID-71a78560-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Digi International","product":{"name":"Digi International Products","product_id":"CSAFPID-71a7bcec-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Brocade Communication Systems","product":{"name":"Brocade Communication Systems Products","product_id":"CSAFPID-71a7e83e-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Akamai Technologies Inc.","product":{"name":"Akamai Technologies Inc. Products","product_id":"CSAFPID-71a80eea-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AVM GmbH","product":{"name":"AVM GmbH Products","product_id":"CSAFPID-71a84cfc-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eCosCentric","product":{"name":"eCosCentric Products","product_id":"CSAFPID-71a89590-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Internet Initiative Japan Inc.","product":{"name":"Internet Initiative Japan Inc. Products","product_id":"CSAFPID-71a8e658-3a3d-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Illumos","product":{"name":"Illumos Products","product_id":"CSAFPID-71a92e4c-3a3d-11f1-8422-122e2785dc9f"}}]}}