Unrated severityNVD Advisory· Published Nov 28, 2014· Updated May 6, 2026

CVE-2014-4883

Description

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.

Affected products

Lwip Project/Lwip
cpe:2.3:a:lwip_project:lwip:*:*:*:*:*:*:*:*
Range: <=1.4.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.savannah.gnu.org/cgit/lwip.git/commit/nvdPatch
www.kb.cert.org/vuls/id/210620nvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000