Knot Resolver vulnerabilities and exploits

NA
CVE-2019-19331

Knot Resolver is vulnerable to a denial of service, caused by the improper processing of DNS replies with multiple resource records. By sending a specially-crafted DNS message containing a few thousand records, a remote attacker could exploit this vulnerability to consume all...

CVSSv2: 5
CVE-2019-10190

A vulnerability was discovered in the DNS resolver component of Knot Resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answers. An NXDOMAIN answer would get passed through to the client even if its DNSSEC validation...

CVSSv2: 5
CVE-2019-10191

A vulnerability was discovered in the DNS resolver of Knot Resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to a DNSSEC-insecure state, opening the possibility of domain hijack using attacks against the insecure DNS protocol....

CVSSv2: 4.3
CVE-2018-10920

An improper input validation bug in the DNS resolver component of Knot Resolver before 2.4.1 allows a remote attacker to poison the cache....

CVSSv2: 4.3
CVE-2018-1000002

Improper input validation bugs in the DNSSEC validator components in Knot Resolver (prior to version 1.5.2) allow an attacker in a man-in-the-middle position to deny the existence of some data in DNS via packet replay....