{"id":"CVE-2022-30295","details":"uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2.","modified":"2026-03-14T08:43:17.089539Z","published":"2022-05-06T05:15:07.213Z","references":[{"type":"ADVISORY","url":"https://www.kb.cert.org/vuls/id/473698"},{"type":"ADVISORY","url":"https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wbx-github/uclibc-ng","events":[{"introduced":"0"},{"last_affected":"9e504a4ac839ac771ee96ea626d225adaa7df054"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.40"}]}}],"versions":["v1.0.0","v1.0.1","v1.0.10","v1.0.11","v1.0.12","v1.0.13","v1.0.14","v1.0.15","v1.0.16","v1.0.17","v1.0.18","v1.0.19","v1.0.2","v1.0.20","v1.0.21","v1.0.22","v1.0.23","v1.0.24","v1.0.25","v1.0.26","v1.0.27","v1.0.28","v1.0.29","v1.0.30","v1.0.31","v1.0.32","v1.0.33","v1.0.34","v1.0.35","v1.0.36","v1.0.37","v1.0.38","v1.0.39","v1.0.4","v1.0.40","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.9.33.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-30295.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"}]}