FAQ

Audinate Response to Dante Discovery (mDNSResponder.exe) Security Issue (CVE-2022-23748)

Affected Products / Versions: Third-party products that utiliseDante Application Library for Windows v1.2.0 and earlier

Publication Date: 7 December 2022

Summary: 

A security vulnerability (CVE-2021-23748) in mDNSResponder.exe contained in Dante Application Library for Windows v1.2.0 and earlier has been published. 

This vulnerability only affects products that utilise Dante Application Library for Windows and does not affect any other Dante hardware or software products that include mDNSResponder.exe.

Details:

mDNSResponder.exe v1.3.1 and earlier is vulnerable to a DLL side loading attack. This executable is a component built specifically for Dante Application Library for Windows v1.2.0 and earlier

This could allow a local attacker with access to the PC running Dante Application Library the ability to execute arbitrary code. It is not possible to remotely exploit this vulnerability.

Remediation:

An updated mDNSResponder.exe  v1.3.2 has been released to all affected third parties as part of Dante Application Library for Windows v1.2.1; and as a standalone security patch for Dante Application Library for Windows v1.2.0 and earlier

If you believe you are running software that utilises Dante Application Library for Windows, please contact the third-party vendor for a software update.

References:

CVE-2022-23748 – https://nvd.nist.gov/vuln/detail/CVE-2022-23748

CAPEC-641 – https://capec.mitre.org/data/definitions/641.html

CWE-114 – https://cwe.mitre.org/data/definitions/114.html