AZL-9702

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-9702.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-9702

Upstream

CVE-2022-30295

Published

2022-05-06T05:15:07Z

Modified

2026-04-21T04:35:07.388285Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

CVE-2022-30295 affecting package uclibc-ng for versions less than 1.0.41-1

Details

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-30295

Affected packages

Azure Linux:2 / uclibc-ng

Package

Name: uclibc-ng
Purl: pkg:rpm/azure-linux/uclibc-ng

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.41-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-9702.json"