
CVE-2023-50387 – bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
https://notcve.org/view.php?id=CVE-2023-50387
13 Feb 2024 — Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. • https://github.com/knqyf263/CVE-2023-50387 • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2023-46317 – Debian Security Advisory 5633-1
https://notcve.org/view.php?id=CVE-2023-46317
22 Oct 2023 — Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers. It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against Knot Resolver, a caching, DNSSEC-validating DNS resolver. • https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1448 •

CVE-2023-26249
https://notcve.org/view.php?id=CVE-2023-26249
21 Feb 2023 — Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response. • https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2022-40188 – Ubuntu Security Notice USN-6225-1
https://notcve.org/view.php?id=CVE-2022-40188
23 Sep 2022 — Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. It was discovered tha... • https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558 • CWE-407: Inefficient Algorithmic Complexity •

CVE-2022-32983
https://notcve.org/view.php?id=CVE-2022-32983
20 Jun 2022 — Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. • https://github.com/CZ-NIC/knot-resolver/commit/ccb9d9794db5eb757c33becf65cb1cf48ecfd968 • CWE-290: Authentication Bypass by Spoofing •

CVE-2021-40083
https://notcve.org/view.php?id=CVE-2021-40083
25 Aug 2021 — Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). • https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169 • CWE-617: Reachable Assertion •

CVE-2018-1110
https://notcve.org/view.php?id=CVE-2018-1110
30 Mar 2021 — A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1944328 • CWE-20: Improper Input Validation •

CVE-2020-12667 – Ubuntu Security Notice USN-7047-1
https://notcve.org/view.php?id=CVE-2020-12667
19 May 2020 — Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. Vladimí... • http://cyber-security-group.cs.tau.ac.il/# • CWE-400: Uncontrolled Resource Consumption •

CVE-2019-19331 – Ubuntu Security Notice USN-7047-1
https://notcve.org/view.php?id=CVE-2019-19331
16 Dec 2019 — knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB). • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19331 • CWE-404: Improper Resource Shutdown or Release • CWE-407: Inefficient Algorithmic Complexity •

CVE-2013-5661
https://notcve.org/view.php?id=CVE-2013-5661
05 Nov 2019 — A cache poisoning issue exists in DNS Response Rate Limiting. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661 • CWE-290: Authentication Bypass by Spoofing •