VYPR

Knot Resolver

by Cz Nic

Source repositories

CVEs (10)

  • CVE-2023-26249HigFeb 21, 2023
    risk 0.49cvss 7.5epss 0.01

    Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without…

  • CVE-2022-40188HigSep 23, 2022
    risk 0.49cvss 7.5epss 0.02

    Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.

  • CVE-2021-40083HigAug 25, 2021
    risk 0.49cvss 7.5epss 0.01

    Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).

  • CVE-2018-1110HigMar 30, 2021
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.

  • CVE-2020-12667HigMay 19, 2020
    risk 0.49cvss 7.5epss 0.03

    Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

  • CVE-2019-10191HigJul 16, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.

  • CVE-2019-10190HigJul 16, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation…

  • CVE-2018-10920MedAug 2, 2018
    risk 0.44cvss 6.8epss 0.03

    Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.

  • CVE-2018-1000002LowJan 22, 2018
    risk 0.24cvss 3.7epss 0.01

    Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.

  • CVE-2022-32983MedJun 20, 2022
    risk 0.00cvss 5.3epss 0.01

    Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.