'''Cache poisoning''' refers to a [[vulnerability (computing)|computer security vulnerability]] where invalid entries can be placed into a [[cache (computing)|cache]], which are then assumed to be valid when later used.<ref>{{cite web|url=https://capec.mitre.org/data/definitions/141.html|title=CAPEC-141: Cache Poisoning|publisher=[[Common Attack Pattern Enumeration and Classification|CAPEC]]|access-date=2021-01-22|archive-date=2021-01-22|archive-url=https://web.archive.org/web/20210122230525/https://capec.mitre.org/data/definitions/141.html|url-status=live}}</ref> Two common varieties are [[DNS cache poisoning]]<ref>{{Cite journal |last1=Wu |first1=Hao |last2=Dang |first2=Xianglei |last3=Wang |first3=Lidong |last4=He |first4=Longtao |date=2016 |title=Information fusion‐based method for distributed domain name system cache poisoning attack detection and identification |url=https://onlinelibrary.wiley.com/doi/10.1049/iet-ifs.2014.0386 |journal=IET Information Security |language=en |volume=10 |issue=1 |pages=37–44 |doi=10.1049/iet-ifs.2014.0386 |s2cid=45091791 |issn=1751-8717}}</ref> and [[ARP cache poisoning]]. {{ill|[[Web cache poisoning|cs|Cache poisoning}}]] involves the poisoning of [[web cache]]s.<ref>{{cite journalbook |last1=Nguyen |first1=Hoai Viet |last2=Iacono |first2=Luigi Lo |last3=Federrath |first3=Hannes |title=Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security |chapter=Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack |journaldate=Proceedings6 of theNovember 2019 ACM|pages=1915–1936 SIGSAC|doi=10.1145/3319535.3354215|isbn=9781450367479 Conference|s2cid=207958900 on}}</ref> Computer(which has led to security issues in programming languages, including all Python versions at the time in 2021, and Communicationsexpedited Securitysecurity updates<ref>{{Cite web |datetitle=6CVE November- 2019CVE-2021-23336 |pagesurl=1915–1936https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336 |doiaccess-date=2023-10-13 |website=cve.1145/3319535mitre.3354215org}}</ref>). Attacks on other other, more specific, caches also exist.<ref>{{cite journalbook |last1=Hensler |first1=Christopher |last2=Tague |first2=Patrick |title=Using bluetooth low energy spoofing to dispute device details: demo |journal=Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks |chapter=Using bluetooth low energy spoofing to dispute device details |date=15 May 2019 |pages=340–342 |doi=10.1145/3317549.3326321|isbn=9781450367264 |s2cid=160010874 }}</ref><ref>{{cite journalbook |last1=Daswani |first1=Neil |last2=Garcia-Molina |first2=Hector |title=Pong-cache poisoning in GUESS |journal=Proceedings of the 11th ACM conference on Computer and communications security |chapter=Pong-cache CCSpoisoning '04in GUESS |date=2004 |pages=9898–109 |doi=10.1145/1030083.1030099|isbn=1581139616 |s2cid=416914 }}</ref><ref>{{cite journal |last1=Wang |first1=Dong |last2=Dong |first2=Wei Yu |title=Attacking Intel UEFI by Using Cache Poisoning |journal=Journal of Physics: Conference Series |date=April 2019 |volume=1187 |issue=4 |pages=042072 |doi=10.1088/1742-6596/1187/4/042072 |urlbibcode=https://iopscience.iop.org/article/10.1088/1742-6596/1187/4/0420722019JPhCS1187d2072W |doi-access=free |access-date=2021-01-22 |archive-date=2020-02-16 |archive-url=https://web.archive.org/web/20200216175457/https://iopscience.iop.org/article/10.1088/1742-6596/1187/4/042072 |url-status=live }}</ref>
