Knot Resolver
by Cz Nic
Source repositories
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-26249 | Hig | 0.49 | 7.5 | 0.01 | Feb 21, 2023 | Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without… | ||
| CVE-2022-40188 | Hig | 0.49 | 7.5 | 0.02 | Sep 23, 2022 | Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. | ||
| CVE-2021-40083 | Hig | 0.49 | 7.5 | 0.01 | Aug 25, 2021 | Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). | ||
| CVE-2018-1110 | Hig | 0.49 | 7.5 | 0.01 | Mar 30, 2021 | A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service. | ||
| CVE-2020-12667 | Hig | 0.49 | 7.5 | 0.03 | May 19, 2020 | Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | ||
| CVE-2019-10191 | Hig | 0.49 | 7.5 | 0.02 | Jul 16, 2019 | A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol. | ||
| CVE-2019-10190 | Hig | 0.49 | 7.5 | 0.02 | Jul 16, 2019 | A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation… | ||
| CVE-2018-10920 | Med | 0.44 | 6.8 | 0.03 | Aug 2, 2018 | Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. | ||
| CVE-2018-1000002 | Low | 0.24 | 3.7 | 0.01 | Jan 22, 2018 | Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay. | ||
| CVE-2022-32983 | Med | 0.00 | 5.3 | 0.01 | Jun 20, 2022 | Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. |
- risk 0.49cvss 7.5epss 0.01
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without…
- risk 0.49cvss 7.5epss 0.02
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.
- risk 0.49cvss 7.5epss 0.01
Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).
- risk 0.49cvss 7.5epss 0.01
A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.
- risk 0.49cvss 7.5epss 0.03
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
- risk 0.49cvss 7.5epss 0.02
A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.
- risk 0.49cvss 7.5epss 0.02
A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation…
- risk 0.44cvss 6.8epss 0.03
Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
- risk 0.24cvss 3.7epss 0.01
Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.
- risk 0.00cvss 5.3epss 0.01
Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.