CVSS: 7.8 • EPSS: 29% • CPEs: 21 • EXPL: 3

13 Feb 2024 — Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. • https://github.com/knqyf263/CVE-2023-50387 • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Oct 2023 — Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers. It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against Knot Resolver, a caching, DNSSEC-validating DNS resolver. • https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1448 •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Feb 2023 — Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response. • https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

23 Sep 2022 — Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. It was discovered tha... • https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558 • CWE-407: Inefficient Algorithmic Complexity •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jun 2022 — Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. • https://github.com/CZ-NIC/knot-resolver/commit/ccb9d9794db5eb757c33becf65cb1cf48ecfd968 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Aug 2021 — Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). • https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169 • CWE-617: Reachable Assertion •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Jun 2021 — BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera’s area of responsibility; however, Tigera disagrees. • https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-2 • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Mar 2021 — A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1944328 • CWE-20: Improper Input Validation •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jan 2021 — Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template. • https://gitlab.nic.cz/turris/foris/foris/-/blob/master/CHANGELOG.rst •

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

19 May 2020 — Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. Vladimí... • http://cyber-security-group.cs.tau.ac.il/# • CWE-400: Uncontrolled Resource Consumption •