{"api_version":"1","generated_at":"2026-04-22T19:50:46+00:00","cve":"CVE-2022-30256","urls":{"html":"https://cve.report/CVE-2022-30256","api":"https://cve.report/api/cve/CVE-2022-30256.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-30256","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-30256"},"summary":{"title":"CVE-2022-30256","description":"An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for \"Ghost\" domain names.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-11-19 00:15:00","updated_at":"2023-11-07 03:47:00"},"problem_types":["CWE-672"],"metrics":[],"references":[{"url":"https://maradns.samiam.org/security.html#CVE-2022-30256","name":"https://maradns.samiam.org/security.html#CVE-2022-30256","refsource":"MISC","tags":[],"title":"MaraDNS - a small open-source DNS server","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VSMLJX25MXGQ6A7UPOGK7VPUVDESPHL/","name":"FEDORA-2023-cdce244fb8","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: maradns-3.5.0036-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00019.html","name":"[debian-lts-announce] 20230619 [SECURITY] [DLA 3457-1] maradns security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3457-1] maradns security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://maradns.samiam.org/","name":"https://maradns.samiam.org/","refsource":"MISC","tags":[],"title":"MaraDNS - a small open-source DNS server","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3VSMLJX25MXGQ6A7UPOGK7VPUVDESPHL/","name":"FEDORA-2023-cdce244fb8","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: maradns-3.5.0036-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2023/dsa-5441","name":"DSA-5441","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5441-1 maradns","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NB7LDZM5AGWC5BHHQHW6CP5OFNBBKFOQ/","name":"FEDORA-2023-0c012f6245","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 38 Update: maradns-3.5.0036-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB7LDZM5AGWC5BHHQHW6CP5OFNBBKFOQ/","name":"FEDORA-2023-0c012f6245","refsource":"","tags":[],"title":"[SECURITY] Fedora 38 Update: maradns-3.5.0036-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-30256","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30256","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"30256","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"maradns","cpe5":"maradns","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-30256","qid":"181878","title":"Debian Security Update for maradns (DLA 3457-1)"},{"cve":"CVE-2022-30256","qid":"199635","title":"Ubuntu Security Notification for Mara Domain Name System (DNS) Vulnerabilities (USN-6271-1)"},{"cve":"CVE-2022-30256","qid":"283996","title":"Fedora Security Update for maradns (FEDORA-2023-cdce244fb8)"},{"cve":"CVE-2022-30256","qid":"284134","title":"Fedora Security Update for maradns (FEDORA-2023-0c012f6245)"},{"cve":"CVE-2022-30256","qid":"285314","title":"Fedora Security Update for maradns (FEDORA-2023-3dd938a14d)"},{"cve":"CVE-2022-30256","qid":"6000241","title":"Debian Security Update for maradns (DSA 5441-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-30256","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for \"Ghost\" domain names."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://maradns.samiam.org/","refsource":"MISC","name":"https://maradns.samiam.org/"},{"refsource":"MISC","name":"https://maradns.samiam.org/security.html#CVE-2022-30256","url":"https://maradns.samiam.org/security.html#CVE-2022-30256"},{"refsource":"FEDORA","name":"FEDORA-2023-0c012f6245","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NB7LDZM5AGWC5BHHQHW6CP5OFNBBKFOQ/"},{"refsource":"FEDORA","name":"FEDORA-2023-cdce244fb8","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VSMLJX25MXGQ6A7UPOGK7VPUVDESPHL/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230619 [SECURITY] [DLA 3457-1] maradns security update","url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00019.html"},{"refsource":"DEBIAN","name":"DSA-5441","url":"https://www.debian.org/security/2023/dsa-5441"}]}},"nvd":{"publishedDate":"2022-11-19 00:15:00","lastModifiedDate":"2023-11-07 03:47:00","problem_types":["CWE-672"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:maradns:maradns:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.0022","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:maradns:maradns:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.03","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}