Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

knot resolver vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote malicious users to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is...
Redhat Enterprise Linux 7.0Redhat Enterprise Linux 6.0Redhat Enterprise Linux 8.0Redhat Enterprise Linux 9.0Microsoft Windows Server 2008 R2Microsoft Windows Server 2012 R2Microsoft Windows Server 2016 -Microsoft Windows Server 2012 -Microsoft Windows Server 2019 -Microsoft Windows Server 2022 -Microsoft Windows Server 2022 23h2 -Fedoraproject Fedora 39Thekelleys DnsmasqNic Knot ResolverPowerdns RecursorIsc BindNlnetlabs Unbound
NA
CVE-2023-46317
Knot Resolver prior to 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.
Nic Knot Resolver
NA
CVE-2023-26249
Knot Resolver prior to 5.6.0 enables malicious users to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without...
Nic Knot Resolver
NA
CVE-2022-40188
Knot Resolver prior to 5.5.3 allows remote malicious users to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.
Nic Knot ResolverFedoraproject Fedora 35Fedoraproject Fedora 36Fedoraproject Fedora 37Debian Debian Linux 10.0
5
CVSSv2
CVE-2022-32983
Knot Resolver up to and including 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.
Nic Knot Resolver
5
CVSSv2
CVE-2021-40083
Knot Resolver prior to 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).
Nic Knot Resolver
5
CVSSv2
CVE-2018-1110
A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.
Nic Knot Resolver
5
CVSSv2
CVE-2020-12667
Knot Resolver prior to 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
Nic Knot Resolver
5
CVSSv2
CVE-2019-19331
knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a f...
Nic Knot ResolverDebian Debian Linux 10.0
2.6
CVSSv2
CVE-2013-5661
Cache Poisoning issue exists in DNS Response Rate Limiting.
Isc BindNlnetlabs Nsd 3.2.15Nic Knot ResolverRedhat Enterprise Linux 6.0Redhat Enterprise Linux 7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook