CPE Details
NIC Knot Resolver 5.1.1
5.1.1
2020-05-21
11h48 +00:00
11h48 +00:00
2020-05-21
11h48 +00:00
11h48 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:nic:knot_resolver:5.1.1:*:*:*:*:*:*:*
Informations
Vendor
nicProduct
knot_resolverVersion
5.1.1Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | 7.5 |
High |
||
| Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers. | 7.5 |
High |
||
| Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response. | 7.5 |
High |
||
| Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. | 7.5 |
High |
||
| Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. | 5.3 |
Medium |
||
| Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). | 7.5 |
High |
