CVE-2022-48256: 
Technitium DNS Server vulnerability analysis and mitigation

Technitium DNS Server before version 10.0 was affected by a denial-of-service vulnerability identified as CVE-2022-48256. The vulnerability was discovered and disclosed on January 12, 2023. The issue affects the DNS server's handling of CNAME records, specifically when processing self-CNAME records (NVD, CVE).

The vulnerability is characterized by a self-CNAME denial-of-service condition where a CNAME loop in DNS records causes an answer to contain hundreds of records. This is related to CWE-835 (Loop with Unreachable Exit Condition), which can lead to an infinite loop scenario. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause a denial-of-service condition by forcing the DNS server to process an excessive number of CNAME records in a loop, potentially exhausting server resources and affecting the availability of the DNS service (NVD).

The vulnerability was fixed in Technitium DNS Server version 10.0. Users running affected versions should upgrade to version 10.0 or later to mitigate this security issue (Technitium Changelog).