Lucene search
K

196 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.8 views

SUSE CVE-2009-4022

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled CD, allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive...

2.6CVSS7.5AI score0.07952EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.5 views

SUSE CVE-2019-3807

An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation...

9.8CVSS7AI score0.0036EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.5 views

SUSE CVE-2020-12244

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation...

7.5CVSS8.4AI score0.02434EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.5 views

SUSE CVE-2020-25683

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory...

5.9CVSS7.5AI score0.86041EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2022/12/08 12:0 a.m.9 views

PT-2023-8454

Name of the Vulnerable Software and Affected Versions systemd-resolved affected versions not specified Description The issue is related to insufficient authentication checks of messages from DNS clients in the systemd-resolved service, which manages network connections and domain name resolutions...

7.8CVSS6.6AI score0.01051EPSS
Exploits4References65
BDU FSTEC
BDU FSTEC
added 2022/10/06 12:0 a.m.8 views

The vulnerability of the DNSSEC implementation on BIND servers allows attackers to perform a type of attack known as “denial-of-service attack”.

The vulnerability of the DNSSEC technology’s DNS BIND server is related to improper verification of the EdDSA cryptographic signature. Exploiting this vulnerability could allow a malicious actor to perform a denial-of-service attack remotely...

7.8CVSS6.5AI score0.02176EPSS
Exploits0References16Affected Software8
BDU FSTEC
BDU FSTEC
added 2022/10/06 12:0 a.m.6 views

The vulnerability of the DNSSEC implementation in BIND servers allows attackers to perform a type of “denial-of-service attack”.

The vulnerability of the DNSSEC technology’s DNS BIND server stems from improper verification of the ECDSA cryptographic signature. Exploiting this vulnerability allows a malicious actor to perform a type of “denial-of-service” attack...

7.8CVSS6.6AI score0.02299EPSS
Exploits0References17Affected Software8
RedHat Linux
RedHat Linux
added 2022/10/04 4:6 p.m.8 views

bind: memory leaks in EdDSA DNSSEC verification code

A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...

7.5CVSS7.2AI score0.02176EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/10/04 3:40 p.m.5 views

bind: memory leak in ECDSA DNSSEC verification code

A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program...

7.5CVSS7.1AI score0.02299EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/10/04 3:38 p.m.7 views

bind: memory leak in ECDSA DNSSEC verification code

A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program...

7.5CVSS7.1AI score0.02299EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/10/03 4:4 p.m.8 views

bind: memory leaks in EdDSA DNSSEC verification code

A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...

7.5CVSS7.2AI score0.02176EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/10/03 3:35 p.m.7 views

bind: memory leaks in EdDSA DNSSEC verification code

A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...

7.5CVSS7.2AI score0.02176EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/09/29 12:0 a.m.7 views

PT-2022-21781 · Unknown · Go-Resolver

Name of the Vulnerable Software and Affected Versions: go-resolver affected versions not specified Description: The issue is related to incorrect DNSSEC validation. An attacker can cause the package to report successful validation for invalid, attacker-controlled records. Specifically, root DNSSE...

7.7CVSS7.2AI score0.00242EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2022/09/24 7:0 a.m.5 views

Memory leak in ECDSA DNSSEC verification code

...

7.5CVSS7.7AI score0.02299EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/08/15 1:15 p.m.4 views

CVE-2022-33991

dproxy-nexgen aka dproxy nexgen forwards and caches DNS queries with the CD aka checking disabled bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers...

5.3CVSS5.9AI score0.00753EPSS
Exploits1References4
Akamai Blog
Akamai Blog
added 2021/03/19 4:0 p.m.375 views

DNSSEC: How It Works & Key Considerations

From its beginnings as a replacement for a centralized database, the Domain Name System DNS has evolved into a dynamic, highly distributed, question-answer protocol. The proverbial "phone book of the internet" has increased in complexity and scale alongside the rapid growth of the World Wide Web...

7.2AI score
Exploits0
OSV
OSV
added 2021/01/20 5:15 p.m.2 views

DEBIAN-CVE-2020-25687

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory...

5.9CVSS6.7AI score0.86692EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2021/01/19 9:25 p.m.182 views

DNSpooq Flaws Allow DNS Hijacking of Millions of Devices

Researchers have uncovered a set of flaws in dnsmasq, popular open-source software used for caching Domain Name System DNS responses for home and commercial routers and servers. The set of seven flaws are comprised of buffer overflow issues and flaws allowing for DNS cache-poisoning attacks also...

0.7AI score0.86692EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2021/01/19 3:6 p.m.2 views

dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled

A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary da...

8.3CVSS7.8AI score0.81191EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/01/19 3:6 p.m.3 views

dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled

A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is cause...

7.1CVSS7.7AI score0.86041EPSS
Exploits0References6
Rows per page
Query Builder