14 matches found
CVE-2023-50387
CVE-2023-50387 (KeyTrap) affects DNSSEC processing in DNS resolvers. Multiple advisories note excessive CPU/DoS risk when validating DNSKEY/RRSIG in zones with many records. Affected products include Bind (bind9) and Unbound across Linux distributions (e.g., AL2, AlmaLinux) with patches/released ...
CVE-2019-10190
Knot Resolver up to version 4.1.0 is affected by CVE-2019-10190, a DNSSEC validation bypass that lets NXDOMAIN responses pass to clients even when DNSSEC validation failed, potentially enabling domain hijack. Public advisories (e.g., Debian DLA-3795, Ubuntu USN-7047-1) indicate multiple knot-reso...
CVE-2019-10191
Affected software: knot-resolver (DNS resolver). Vulnerability: Improper handling during DNSSEC validation allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, enabling potential domain hijacking. This is described for Knot Resolver prior to version 4.1.0 (and corr...
CVE-2020-12667
Knot Resolver (the Knot-resolver project) is affected by CVE-2020-12667. The vulnerability allows traffic amplification via a crafted DNS answer from an attacker-controlled server, triggered by random subdomains in the NSDNAME field of NS records (NXNSAttack). Affected versions are Knot Resolver ...
CVE-2019-19331
Knot Resolver (knot-resolver) is affected by CVE-2019-19331, with exploitation arising from processing DNS responses containing a large number of resource records. The issue exists in versions before 4.3.0, and can cause denial of service via high CPU utilization, potentially taking several CPU s...
CVE-2022-40188
CVE-2022-40188 affects Knot Resolver prior to version 5.5.3. The issue is a remote denial-of-service via CPU consumption caused by algorithmic complexity when an attack results in large nameserver or address sets being returned by an authoritative server. Public advisories (NVD entry and various ...
CVE-2018-1110
Knot Resolver vulnerability CVE-2018-1110 affects knot-resolver up to version 2.3.0. The flaw allows denial of service via malformed DNS messages. Severity: CVSS v3.1 high (Network, Low attack complexity, no privileges required, availability impact in the HIGH range). Affected software: knot-reso...
CVE-2013-5661
The connected documents consistently describe CVE-2013-5661 as a DNS cache poisoning issue in the DNS Response Rate Limiting mechanism of ISC BIND. The vulnerability is tied to BIND’s handling of responses that can be poisoned to contaminate DNS caches. Concrete details (affected versions, exact ...
CVE-2022-32983
The CVE-2022-32983 issue affects Knot Resolver up to version 5.5.1, where DNS cache poisoning could occur when an attempt is made to limit forwarding actions by filters. Root cause details in connected sources indicate a vulnerability in handling forwarding/filter constraints that can lead to cac...
CVE-2021-40083
Knot Resolver before 5.3.2 is prone to an assertion failure that can be triggered remotely in a specific edge case: NSEC3 with too many iterations used for a positive wildcard proof. The vulnerability is documented across multiple sources in this CVE, confirming the affected software (Knot Resolv...
CVE-2018-10920
CVE-2018-10920 affects Knot Resolver prior to version 2.4.1. The issue is an improper input validation in the DNS resolver component, enabling a remote attacker to poison DNS caches. Public documents from Fedora/RH/NVD describe Knot Resolver 2.4.1 as the fix for this vulnerability, and Nessus/Ope...
CVE-2023-46317
CVE-2023-46317 affects Knot Resolver prior to 5.7.0. The vulnerability arises when the resolver encounters certain nonsensical DNS responses, triggering excessive TCP reconnections and potential denial of service. Public sources (Debian security advisory DSA-5633-1, OpenVAS/OSV entries) corrobora...
CVE-2023-26249
Knot Resolver is affected by a DoS vulnerability (CVE-2023-26249) in versions prior to 5.6.0. The issue arises from insufficient input validation in the DNS translator, allowing a single client query to trigger many TCP reconnections (up to about a hundred attempts) when upstream servers close wi...
CVE-2018-1000002
Knot Resolver prior to 1.5.2 contains an insufficient DNSSEC validation flaw (CVE-2018-1000002) that could allow an attacker in MITM to deny existence of some data by forging packets. Fedora advisories and OpenVAS/Nessus entries reference CVE-2018-1000002 and show updates (e.g., knot-resolver pac...