MEDIUM🇵🇱 Wersja polska

CVE-2021-43105

CVSS 4.3v3.1pub. 2022-03-28upd. 2024-11-21

A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 exists that allows specific malicious users to inject `NS` records of any domain (even TLDs) into the cache and conduct a DNS cache poisoning attack.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  • Technitium Dns Server

    APP
    Technitium
    ≤ 7.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-30257CRITICAL9.8ten sam produkt

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain nam...

CVE-2022-30258CRITICAL9.8ten sam produkt

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain nam...

CVE-2022-48256HIGH7.5ten sam produkt

Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an...

CVE-2026-42255HIGH7.2ten sam vendor

Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.

CVE-2025-50334HIGH7.5ten sam vendor

An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-li...