Unrated severityNVD Advisory· Published Nov 28, 2014· Updated Jun 17, 2026
CVE-2014-4883
CVE-2014-4883
Description
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:lwip_project:lwip:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:lwip_project:lwip:*:*:*:*:*:*:*:*range: <=1.4.1
- (no CPE)range: <=1.4.1
Patches
Vulnerability mechanics
References
2- git.savannah.gnu.org/cgit/lwip.git/commit/nvdPatch
- www.kb.cert.org/vuls/id/210620nvdUS Government Resource
News mentions
0No linked articles in our index yet.