Overview
The uClibc and uClibc-ng libraries, prior to uClibc-ng 1.0.41, are vulnerable to DNS cache poisoning due to the use of predicatble DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environment.
Description
The uClibc and the Uclibc-ng software are lightweight C standard libraries intended for use in embedded systems and mobile devices. The uClibc library has not been updated since May of 2012. The newer uClibc-ng is the currently maintained fork of uClibc, as announced on the OpenWRT mailing list in July 2014.
Researchers at the Nozomi Networks Security Research Team discovered that all existing versions of uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning. These libraries do not employ any randomization in the DNS Transaction ID (DNS TXID) field when creating a new DNS request. This can allow an attacker to send maliciously crafted DNS packets to corrupt the DNS cache with invalid entries and redirect users to arbitrary sites. As uClibc and uClibc-ng are used in devices such as home routers and firewalls, an attacker can perform attacks against multiple users in a shared network environment that relies on DNS responses from the vulnerable device.
The DNS cache poisoning scenarios and defenses are discussed in IETF RFC5452.
Impact
The lack of DNS response validation can allow an attacker to use unsolicited DNS responses to poison the DNS cache and redirect users to malicious sites.
Solution
Apply a patch
If your vendor has developed a patched version of uClibc or uClibc-ng to address this issue, apply the updates provided by your vendor. uClibc-ng was updated to 1.0.41 on 05/20/2022.
Product Developers
If you have a forked or customized version of uClibc or uClibc-ng, develop or adopt a patch to ensure the dns_lookup function provides adequate randomization of DNS TXID's while making DNS requests. Review and consider applying the patch has been made available in patchwork repository of uClibc-ng with VU#638879 tag.
Follow security best practices
Consider the following security best-practices to protect DNS infrastructure:
- Prevent direct exposure of IoT devices and lightweight devices over the Internet to minimize attacks against a caching DNS server.
- Provide secure DNS recursion service with features such as DNSSEC validation and the interim 0x20-bit encoding as part of enterprise DNS recursion services where applicable.
- Implement a Secure By Default configuration suitable for your operating environment (e.g., disable caching on embedded IoT devices when an upstream caching resolver is available).
Acknowledgements
Thanks to the Nozomi Networks Security Research Team for this report
This document was written by Vijay Sarvepalli and Timur Snoke.
Vendor Information
Digi International Affected
Statement Date: March 22, 2022
| CVE-2022-30295 | Affected |
Vendor Statement
We have two active devices using uClibc AND susceptible to this based on version: ConnectCore 9P 9215
ConnectME 9210 We will patch once it is available.
Abbott Labs Not Affected
Statement Date: March 02, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Actiontec Not Affected
Statement Date: March 11, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
Our products use Glibc instead of UClibc.
Advantech Czech Not Affected
Statement Date: January 24, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Aruba Networks Not Affected
Statement Date: March 21, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Aveva Not Affected
Statement Date: March 16, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
AVM GmbH Not Affected
Statement Date: February 10, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
All DNS requests made by userland apps go through a DNS caching resolver before beeing sent to the Internet. The DNS caching resolver implements a transaction-ID/source port randomization that is indepent from what was generated by a userland program (whatever c-library it used).
B. Braun Not Affected
Statement Date: February 01, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
BOSCH Not Affected
Statement Date: May 03, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Brocade Communication Systems Not Affected
Statement Date: April 06, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.
Check Point Not Affected
Statement Date: January 25, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Crestron Electronics Not Affected
Statement Date: January 26, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Dell SecureWorks Not Affected
Statement Date: January 24, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
eCosCentric Not Affected
Statement Date: January 26, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
This code is not in our RTOS
F5 Networks Not Affected
Statement Date: April 04, 2023
| CVE-2022-30295 | Not Affected |
Vendor Statement
F5 does not use uClibc or uClibc-ng in any products.
Fanuc America Not Affected
Statement Date: May 10, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
I confirmed the use of uClibc to all robot software group. There is no use of it in FANUC Robot Controller
Fuji_Electric_Hakko_Electric Not Affected
Statement Date: May 09, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
To the knowledge of our development team, we are not at risk or do not use the afore mentioned components that would create the vulnerability.
Google Not Affected
Statement Date: February 07, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
HardenedBSD Not Affected
Statement Date: February 01, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
HardenedBSD supports neither uClibc nor uClibc-ng.
Iconics Inc. Not Affected
Statement Date: May 03, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Illumos Not Affected
Statement Date: January 24, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
uClibc is not in base illumos. Distributions, however, may use them, but a quick survey suggests not in mandatory distribution software.
Internet Initiative Japan Inc. Not Affected
Statement Date: January 25, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Joyent Not Affected
Statement Date: January 24, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
SmartOS (an illumos distribution) is not affected by this issue, nor is our Triton cloud management system.
Juniper Networks Not Affected
Statement Date: February 22, 2023
| CVE-2022-30295 | Not Affected |
Vendor Statement
Based on our investigation we confirm that there are no platforms/products which are affected from these vulnerabilities.
Security Incident Response Team Juniper Networks
lwIP Not Affected
Statement Date: January 24, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
McAfee Not Affected
Statement Date: January 24, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Miredo Not Affected
Statement Date: January 24, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Moxa Not Affected
Statement Date: May 23, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
Dear all,
Moxa is investigating the vulnerability and has determined that none of our products are currently affected. Thank you for the information and notification.
Sincerely, Moxa PSIRT
Muonics Inc. Not Affected
Statement Date: January 25, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
Muonics does not use uClibc or uClibc-ng libraries in any of its products and thus this vulnerability is not applicable.
OpenWRT Not Affected
Statement Date: March 21, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
OpenWrt 19.07 is using uClibc-ng only on Synopsys ARC CPUs, all other targets are using musl libc by default. musl libc and glibc are not affected by this problem. OpenWrt 21.02 and later are not using uClibc-ng or uClibc at all. These versions are not affected by the problem. Synopsys ARC CPUs switched to glibc in OpenWrt 21.02.
OpenWrt 19.07 is end of life since March 2022 and we will not fix this problem in OpenWrt 19.07 or any other version.
Paessler Not Affected
Statement Date: April 04, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Peplink Not Affected
Statement Date: May 03, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
No use of uClibc and uClibc-ng in our products.
pfSense Not Affected
Statement Date: April 01, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Real-Time Innovations (RTI) Not Affected
Statement Date: May 09, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
RTI products don't use uClibc or uClibc-ng libraries.
Rockwell Automation Not Affected
Statement Date: January 24, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
I have checked our SBOM library and we are not vulnerable to this.
Sierra Wireless Not Affected
Statement Date: February 10, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
SUSE Linux Not Affected
Statement Date: June 07, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
SUSE is not shipping uClibc in any of its current products at this time.
Synology Not Affected
Statement Date: May 27, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Treck Not Affected
Statement Date: May 27, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Triangle Microworks Not Affected
Statement Date: June 03, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
Ubuntu Not Affected
Statement Date: August 23, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
uCLibc was removed from the Ubuntu archives in 2011, and uClibc-ng has never been included in Ubuntu.
Wind River Not Affected
Statement Date: May 27, 2022
| CVE-2022-30295 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
MikroTik Unknown
Statement Date: January 24, 2022
| CVE-2022-30295 | Unknown |
Vendor Statement
MikroTik RouterOS v7.x.x does not use uClibc
A10 Networks Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ABB Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ACCESS Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Actelis Networks Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ADATA Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ADTRAN Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Advantech B-B Technology Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Advantech Taiwan Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Aerohive Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
AhnLab Inc Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
AirWatch Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Akamai Technologies Inc. Unknown
Statement Date: May 02, 2022
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Alcatel-Lucent Enterprise Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Allied Telesis Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Alpine Linux Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Alstom Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Altran Intelligent Systems Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Amazon Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
AMTELCO Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Analog Devices Inc. Unknown
Statement Date: January 24, 2022
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Android Open Source Project Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ANTlabs Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Apple Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Arcadyan Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Arch Linux Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Arista Networks Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ARRIS Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ASUSTeK Computer Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Atheros Communications Inc Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
AT&T Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Automated Solutions Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Avaya Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Barracuda Networks Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Baxter US Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Belden Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Belkin Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Bell Canada Enterprises Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
BlackBerry Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Blackberry QNX Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
BlueCat Networks Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Blue Coat Systems Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Blunk Microsystems Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
BoringSSL Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Broadcom Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Buffalo Technology Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cambium Networks Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Canon Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Carel Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
CareStream Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
CA Technologies Unknown
Statement Date: January 25, 2022
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Caterpillar Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Ceragon Networks Inc Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cirpack Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cisco Unknown
Statement Date: July 11, 2022
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
CMX Systems Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Comcast Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Commscope Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Contiki OS Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cradlepoint Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cricket Wireless Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cypress Semiconductor Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
CZ.NIC Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Daktronics Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
dd-wrt Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Debian GNU/Linux Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Dell Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Dell EMC Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
DesktopBSD Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Deutsche Telekom Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Devicescape Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
D-Link Systems Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
dnsmasq Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
DragonFly BSD Project Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Eaton Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
eero Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
EfficientIP Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ENEA Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Ericsson Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Espressif Systems Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
European Registry for Internet Domains Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Express Logic Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Extreme Networks Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Fastly Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Fedora Project Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Fiat Chrysler Automobiles Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
FNet Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Force10 Networks Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Fortinet Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
FreeBSD Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
FreeRTOS Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
F-Secure Corporation Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
General Electric Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Gentoo Linux Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
GFI Software Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
GNU adns Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
GNU glibc Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Grandstream Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Green Hills Software Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
HCC Embedded Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Hewlett Packard Enterprise Unknown
Statement Date: June 24, 2022
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Hitachi Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Hitachi Energy Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Honeywell Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
HP Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
HTC Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Huawei Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
IBM Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
IBM Corporation (zseries) Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
IBM Numa-Q Division (Formerly Sequent) Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ICASI Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Infoblox Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
InfoExpress Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Inmarsat Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Intel Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Internet Systems Consortium Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Internet Systems Consortium - DHCP Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Invensys Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
IP Infusion Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
JH Software Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Johnson Controls Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
JPCERT/CC Vulnerability Handling Team Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
KMC Controls Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
kubernetes Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
LANCOM Systems GmbH Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Lancope Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Lantronix Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Lenovo Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
LG Electronics Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
LibreSSL Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Linksys Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
LITE-ON Technology Corporation Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
LiteSpeed Technologies Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Lynx Software Technologies Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
m0n0wall Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Marconi Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Marvell Semiconductor Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
MediaTek Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Medtronic Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Meinberg Funkuhren GmbH & Co. KG Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Men & Mice Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Metaswitch Networks Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Microchip Technology Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Micro Focus Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Microsoft Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Mitel Networks Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Mitsubishi Electric Corporation Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Monroe Electronics Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Motorola Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
National Cyber Security Center Netherlands Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
National Cyber Security Centre Finland Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NCSC-FI Vulnerability Coordinator Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NEC Corporation Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NetBSD Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NetBurner Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NetComm Wireless Limited Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NETGEAR Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NETSCOUT Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
netsnmp Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
netsnmpj Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Nexenta Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NIKSUN Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Nixu Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NLnet Labs Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Nokia Unknown
Statement Date: July 12, 2022
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OleumTech Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenBSD Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenConnect Ltd Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenDNS Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenIndiana Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenSSL Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Openwall GNU/*/Linux Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Oracle Corporation Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Oryx Embedded Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Palo Alto Networks Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Panasonic Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Philips Electronics Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Philips Healthcare Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Phoenix Contact Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
PHPIDS Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
PowerDNS Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Proxim Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Pulse Secure Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
QLogic Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
QNAP Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Quadros Systems Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Quagga Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Qualcomm Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Quantenna Communications Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
RealFlex Technologies Ltd Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Red Hat Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Red Lion Controls Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Riverbed Technologies Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Roku Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Ruckus Wireless Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Ruijie Networks Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Sabre Airline Solutions Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Samsung Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Samsung Mobile Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Samsung Semiconductor Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Schneider Electric Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Secure64 Software Corporation Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
SEIKO EPSON Corp. / Epson America Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Siemens Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Slackware Linux Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
SMC Networks Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
SmoothWall Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Snort Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
SonicWall Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Sonos Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Sony Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Sophos Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Sourcefire Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Symantec Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
systemd Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
TCPWave Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
TDS Telecom Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Technicolor Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Tenable Network Security Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Tesla Motors Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Thales Group Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
The OpenBSD project Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
TippingPoint Technologies Inc. Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Tizen Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
TP-LINK Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Trane Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Tropos Networks Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
TrueOS Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Turbolinux Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Ubiquiti Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
uClibc-ng Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Unisys Corporation Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Univention Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Untangle Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
VMware Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Vultures List Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Wago Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
WECON Technology Co Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Wibu-Systems Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
WizNET Technology Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
wolfSSL Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Xiaomi Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
XigmaNAS Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Xilinx Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Xylem Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Zebra Technologies Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Zephyr Project Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Zoll Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Zonare/Mindray Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ZTE Corporation Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Zyxel Unknown
| CVE-2022-30295 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
References
- https://uclibc.org/
- https://uclibc-ng.org/
- https://nvd.nist.gov/vuln/detail/CVE-2022-30295
- https://tools.ietf.org/html/rfc5452
- https://astrolavos.gatech.edu/articles/increased_dns_resistance.pdf
- https://en.wikipedia.org/wiki/Secure_by_default
- https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/
- https://www.kb.cert.org/vuls/id/800113
- https://www.kb.cert.org/vuls/id/210620
- https://www.kb.cert.org/vuls/id/484649
- https://www.kb.cert.org/vuls/id/252735
- https://www.kb.cert.org/vuls/id/927905
- https://patchwork.ozlabs.org/project/uclibc-ng/list/?state=new
- https://mailman.openadk.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/thread/KZD3HQ3MUT63JC3STZ6IH7E7RGQSOV75/
Other Information
| CVE IDs: | CVE-2022-30295 |
| API URL: | VINCE JSON | CSAF |
| Date Public: | 2022-05-02 |
| Date First Published: | 2022-05-09 |
| Date Last Updated: | 2023-04-04 14:18 UTC |
| Document Revision: | 15 |