Lucene search
K
NicKnot Resolver

14 matches found

CVE
CVE
added 2024/02/14 12:0 a.m.3262 views

CVE-2023-50387

CVE-2023-50387 (KeyTrap) affects DNSSEC processing in DNS resolvers. Multiple advisories note excessive CPU/DoS risk when validating DNSKEY/RRSIG in zones with many records. Affected products include Bind (bind9) and Unbound across Linux distributions (e.g., AL2, AlmaLinux) with patches/released ...

7.5CVSS7.7AI score0.99995EPSS
CVE
CVE
added 2019/07/16 5:50 p.m.264 views

CVE-2019-10190

Knot Resolver up to version 4.1.0 is affected by CVE-2019-10190, a DNSSEC validation bypass that lets NXDOMAIN responses pass to clients even when DNSSEC validation failed, potentially enabling domain hijack. Public advisories (e.g., Debian DLA-3795, Ubuntu USN-7047-1) indicate multiple knot-reso...

7.5CVSS7.3AI score0.01993EPSS
CVE
CVE
added 2019/07/16 5:52 p.m.233 views

CVE-2019-10191

Affected software: knot-resolver (DNS resolver). Vulnerability: Improper handling during DNSSEC validation allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, enabling potential domain hijacking. This is described for Knot Resolver prior to version 4.1.0 (and corr...

7.5CVSS7.2AI score0.01932EPSS
CVE
CVE
added 2020/05/19 12:0 a.m.193 views

CVE-2020-12667

Knot Resolver (the Knot-resolver project) is affected by CVE-2020-12667. The vulnerability allows traffic amplification via a crafted DNS answer from an attacker-controlled server, triggered by random subdomains in the NSDNAME field of NS records (NXNSAttack). Affected versions are Knot Resolver ...

7.5CVSS7.2AI score0.02619EPSS
CVE
CVE
added 2019/12/16 12:0 a.m.136 views

CVE-2019-19331

Knot Resolver (knot-resolver) is affected by CVE-2019-19331, with exploitation arising from processing DNS responses containing a large number of resource records. The issue exists in versions before 4.3.0, and can cause denial of service via high CPU utilization, potentially taking several CPU s...

7.5CVSS7.1AI score0.02166EPSS
CVE
CVE
added 2022/09/23 12:0 a.m.123 views

CVE-2022-40188

CVE-2022-40188 affects Knot Resolver prior to version 5.5.3. The issue is a remote denial-of-service via CPU consumption caused by algorithmic complexity when an attack results in large nameserver or address sets being returned by an authoritative server. Public advisories (NVD entry and various ...

7.5CVSS7.2AI score0.01521EPSS
CVE
CVE
added 2021/03/30 1:55 a.m.107 views

CVE-2018-1110

Knot Resolver vulnerability CVE-2018-1110 affects knot-resolver up to version 2.3.0. The flaw allows denial of service via malformed DNS messages. Severity: CVSS v3.1 high (Network, Low attack complexity, no privileges required, availability impact in the HIGH range). Affected software: knot-reso...

7.5CVSS7.2AI score0.0111EPSS
CVE
CVE
added 2019/11/05 6:14 p.m.103 views

CVE-2013-5661

The connected documents consistently describe CVE-2013-5661 as a DNS cache poisoning issue in the DNS Response Rate Limiting mechanism of ISC BIND. The vulnerability is tied to BIND’s handling of responses that can be poisoned to contaminate DNS caches. Concrete details (affected versions, exact ...

5.9CVSS5.7AI score0.0345EPSS
CVE
CVE
added 2022/06/20 3:5 p.m.76 views

CVE-2022-32983

The CVE-2022-32983 issue affects Knot Resolver up to version 5.5.1, where DNS cache poisoning could occur when an attempt is made to limit forwarding actions by filters. Root cause details in connected sources indicate a vulnerability in handling forwarding/filter constraints that can lead to cac...

5.3CVSS5.6AI score0.00761EPSS
CVE
CVE
added 2021/08/25 12:21 a.m.67 views

CVE-2021-40083

Knot Resolver before 5.3.2 is prone to an assertion failure that can be triggered remotely in a specific edge case: NSEC3 with too many iterations used for a positive wildcard proof. The vulnerability is documented across multiple sources in this CVE, confirming the affected software (Knot Resolv...

7.5CVSS7.4AI score0.01421EPSS
CVE
CVE
added 2018/08/02 1:0 p.m.64 views

CVE-2018-10920

CVE-2018-10920 affects Knot Resolver prior to version 2.4.1. The issue is an improper input validation in the DNS resolver component, enabling a remote attacker to poison DNS caches. Public documents from Fedora/RH/NVD describe Knot Resolver 2.4.1 as the fix for this vulnerability, and Nessus/Ope...

7.5CVSS6.5AI score0.03239EPSS
CVE
CVE
added 2023/10/22 12:0 a.m.62 views

CVE-2023-46317

CVE-2023-46317 affects Knot Resolver prior to 5.7.0. The vulnerability arises when the resolver encounters certain nonsensical DNS responses, triggering excessive TCP reconnections and potential denial of service. Public sources (Debian security advisory DSA-5633-1, OpenVAS/OSV entries) corrobora...

7.5CVSS7.4AI score0.00641EPSS
CVE
CVE
added 2023/02/21 12:0 a.m.51 views

CVE-2023-26249

Knot Resolver is affected by a DoS vulnerability (CVE-2023-26249) in versions prior to 5.6.0. The issue arises from insufficient input validation in the DNS translator, allowing a single client query to trigger many TCP reconnections (up to about a hundred attempts) when upstream servers close wi...

7.5CVSS7.3AI score0.00708EPSS
CVE
CVE
added 2018/01/22 6:0 p.m.48 views

CVE-2018-1000002

Knot Resolver prior to 1.5.2 contains an insufficient DNSSEC validation flaw (CVE-2018-1000002) that could allow an attacker in MITM to deny existence of some data by forging packets. Fedora advisories and OpenVAS/Nessus entries reference CVE-2018-1000002 and show updates (e.g., knot-resolver pac...

4.3CVSS4.9AI score0.01081EPSS