Technitium DNS Server DNS Cache Poisoning Vulnerability

Vulnerability

A DNS cache poisoning vulnerability has been identified in Technitium DNS Server versions prior to 14.2.2. It allows an attacker to inject forged DNS responses by exploiting the server's handling of IP fragmentation. The root cause is missing bailiwick validation of NS records in referral responses: NS records for zones outside the responding server's authority were accepted, which can be abused to poison the cache.
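To make the missing check concrete, here is an added example (not Technitium's code, and not the project's actual fix) of the bailiwick validation a resolver is expected to apply to a referral: NS records are kept only when their owner lies inside the zone the queried server is authoritative for and is the queried name's zone (or a parent of it), and glue is kept only for accepted NS hosts inside that delegation. The referral data below is constructed to show which records such a check discards.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RR:
    name: str    # owner name
    rtype: str   # record type, e.g. "NS", "A"
    rdata: str   # target name or address (text form, not wire format)

def labels(name: str) -> list:
    """Lower-case labels of a domain name; the root zone becomes []."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or lies below it; the root contains everything."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def validate_referral(qname, bailiwick, authority, additional):
    """Filter a referral from a server authoritative for `bailiwick`: keep an NS
    record only if its owner is inside the bailiwick and is the queried zone or a
    parent of it; keep glue only for accepted NS hosts inside that delegation."""
    accepted_ns = [rr for rr in authority
                   if rr.rtype == "NS"
                   and in_bailiwick(rr.name, bailiwick)
                   and in_bailiwick(qname, rr.name)]
    ns_hosts = {rr.rdata.lower().rstrip(".") for rr in accepted_ns}
    delegated = {rr.name for rr in accepted_ns}
    accepted_glue = [rr for rr in additional
                     if rr.rtype in ("A", "AAAA")
                     and rr.name.lower().rstrip(".") in ns_hosts
                     and any(in_bailiwick(rr.name, z) for z in delegated)]
    return accepted_ns, accepted_glue

# Constructed referral for www.example.com from a server authoritative for "com.",
# with the kinds of stray records a poisoned response would carry.
AUTHORITY = [
    RR("example.com.", "NS", "ns1.example.com."),   # legitimate delegation
    RR("example.com.", "NS", "ns.other.test."),     # legitimate out-of-zone NS host
    RR("victim.com.", "NS", "ns.attacker.test."),   # in bailiwick, but not the queried zone
    RR("net.", "NS", "ns.attacker.test."),          # outside the com bailiwick
]
ADDITIONAL = [
    RR("ns1.example.com.", "A", "192.0.2.1"),       # valid glue for an accepted NS host
    RR("ns.attacker.test.", "A", "192.0.2.66"),     # host outside the delegation: no glue
    RR("www.victim.com.", "A", "192.0.2.66"),       # unrelated record riding along
]

def demo():
    return validate_referral("www.example.com.", "com.", AUTHORITY, ADDITIONAL)
```

Only the two `example.com.` NS records and the `ns1.example.com.` glue survive; the `victim.com.` and `net.` NS records and the stray A records are dropped rather than cached.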

Impact

Exploitation of this vulnerability allows for DNS cache poisoning, where false DNS responses can be injected and cached by the DNS server. This can lead to clients being misdirected to malicious or unintended destinations.

Remediation

Users should upgrade to Technitium DNS Server version 14.2.2 or later, where this vulnerability is fixed.

Added: Dec 1, 2025, 3:17 PM
Updated: Dec 1, 2025, 8:34 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 1.3
exploitability: 7.4
remediation: 7.7
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.