Search criteria
19 vulnerabilities by NIC
CVE-2026-49943 (GCVE-0-2026-49943)
Vulnerability from cvelistv5 – Published: 2026-06-02 16:16 – Updated: 2026-06-02 18:24
VLAI
Summary
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses a fixed-size stack array of 2048 + 1 pm_pos entries, while parse_path() expands AS_PATH segments from a received BGP UPDATE without enforcing a corresponding capacity limit. When RFC 8654 BGP Extended Messages are enabled and a BIRD filter evaluates an AS path mask expression such as "bgp_path ~ [= ... =]", an established BGP peer can send a long AS_PATH containing more than 2048 expanded ASNs. This causes parse_path()/as_path_match() to write beyond the fixed stack buffer, resulting in a crash of the daemon. NOTE: reportedly, the Supplier's position is that a fix is not being prioritized because all network operators should already be rejecting routes with unusually long attributes.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T18:20:11.710969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T18:24:47.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "BIRD",
"vendor": "NIC",
"versions": [
{
"lessThanOrEqual": "2.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nic:bird:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses a fixed-size stack array of 2048 + 1 pm_pos entries, while parse_path() expands AS_PATH segments from a received BGP UPDATE without enforcing a corresponding capacity limit. When RFC 8654 BGP Extended Messages are enabled and a BIRD filter evaluates an AS path mask expression such as \"bgp_path ~ [= ... =]\", an established BGP peer can send a long AS_PATH containing more than 2048 expanded ASNs. This causes parse_path()/as_path_match() to write beyond the fixed stack buffer, resulting in a crash of the daemon. NOTE: reportedly, the Supplier\u0027s position is that a fix is not being prioritized because all network operators should already be rejecting routes with unusually long attributes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T16:19:03.910Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bird.nic.cz"
},
{
"url": "https://gitlab.nic.cz/labs/bird/-/blob/master/NEWS"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-49943",
"datePublished": "2026-06-02T16:16:52.033Z",
"dateReserved": "2026-06-02T16:16:51.394Z",
"dateUpdated": "2026-06-02T18:24:47.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-50387 (GCVE-0-2023-50387)
Vulnerability from cvelistv5 – Published: 2024-02-14 00:00 – Updated: 2025-11-04 18:20
VLAI
Summary
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
36 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:20:34.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.athene-center.de/aktuelles/key-trap"
},
{
"tags": [
"x_transferred"
],
"url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2023-50387"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=39367411"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.isc.org/blogs/2024-bind-security-release/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=39372384"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-50387"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf"
},
{
"name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/2"
},
{
"name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/3"
},
{
"name": "FEDORA-2024-2e26eccfcb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/"
},
{
"name": "FEDORA-2024-e24211eff0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/"
},
{
"name": "FEDORA-2024-21310568fa",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"
},
{
"name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html"
},
{
"name": "FEDORA-2024-b0f9656a76",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/"
},
{
"name": "FEDORA-2024-4e36df9dfd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/"
},
{
"name": "FEDORA-2024-499b9be35f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"
},
{
"name": "FEDORA-2024-c36c448396",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"
},
{
"name": "FEDORA-2024-c967c7d287",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/"
},
{
"name": "FEDORA-2024-e00eceb11c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/"
},
{
"name": "FEDORA-2024-fae88b73eb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240307-0007/"
},
{
"name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00035.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00001.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-50387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T17:27:29.786375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:02:17.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:14:16.780Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.athene-center.de/aktuelles/key-trap"
},
{
"url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/"
},
{
"url": "https://kb.isc.org/docs/cve-2023-50387"
},
{
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html"
},
{
"url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/"
},
{
"url": "https://news.ycombinator.com/item?id=39367411"
},
{
"url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/"
},
{
"url": "https://www.isc.org/blogs/2024-bind-security-release/"
},
{
"url": "https://news.ycombinator.com/item?id=39372384"
},
{
"url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1"
},
{
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-50387"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823"
},
{
"url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf"
},
{
"name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/2"
},
{
"name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/3"
},
{
"name": "FEDORA-2024-2e26eccfcb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/"
},
{
"name": "FEDORA-2024-e24211eff0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/"
},
{
"name": "FEDORA-2024-21310568fa",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"
},
{
"name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html"
},
{
"name": "FEDORA-2024-b0f9656a76",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/"
},
{
"name": "FEDORA-2024-4e36df9dfd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/"
},
{
"name": "FEDORA-2024-499b9be35f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"
},
{
"name": "FEDORA-2024-c36c448396",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"
},
{
"name": "FEDORA-2024-c967c7d287",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/"
},
{
"name": "FEDORA-2024-e00eceb11c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/"
},
{
"name": "FEDORA-2024-fae88b73eb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240307-0007/"
},
{
"name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50387",
"datePublished": "2024-02-14T00:00:00.000Z",
"dateReserved": "2023-12-07T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:20:34.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-46317 (GCVE-0-2023-46317)
Vulnerability from cvelistv5 – Published: 2023-10-22 00:00 – Updated: 2024-09-12 17:45
VLAI
Summary
Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:40.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1448"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:42:31.315517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:45:59.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-22T22:18:09.682Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html"
},
{
"url": "https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1448"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46317",
"datePublished": "2023-10-22T00:00:00.000Z",
"dateReserved": "2023-10-22T00:00:00.000Z",
"dateUpdated": "2024-09-12T17:45:59.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26249 (GCVE-0-2023-26249)
Vulnerability from cvelistv5 – Published: 2023-02-21 00:00 – Updated: 2025-03-14 18:32
VLAI
Summary
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-14T18:32:21.670624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T18:32:24.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-21T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26249",
"datePublished": "2023-02-21T00:00:00.000Z",
"dateReserved": "2023-02-21T00:00:00.000Z",
"dateUpdated": "2025-03-14T18:32:24.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40188 (GCVE-0-2022-40188)
Vulnerability from cvelistv5 – Published: 2022-09-23 00:00 – Updated: 2025-05-27 14:55
VLAI
Summary
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-407 - Inefficient Algorithmic Complexity
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://gitlab.nic.cz/knot/knot-resolver/-/merge_… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:39.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558"
},
{
"name": "FEDORA-2022-68ad89b21c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE/"
},
{
"name": "FEDORA-2022-357cc1a81b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL/"
},
{
"name": "FEDORA-2022-2a4ca7b18d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG/"
},
{
"name": "[debian-lts-announce] 20221008 [SECURITY] [DLA 3139-1] knot-resolver security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00008.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:55:00.408266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407 Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T14:55:35.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-08T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558"
},
{
"name": "FEDORA-2022-68ad89b21c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE/"
},
{
"name": "FEDORA-2022-357cc1a81b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL/"
},
{
"name": "FEDORA-2022-2a4ca7b18d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG/"
},
{
"name": "[debian-lts-announce] 20221008 [SECURITY] [DLA 3139-1] knot-resolver security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40188",
"datePublished": "2022-09-23T00:00:00.000Z",
"dateReserved": "2022-09-08T00:00:00.000Z",
"dateUpdated": "2025-05-27T14:55:35.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32983 (GCVE-0-2022-32983)
Vulnerability from cvelistv5 – Published: 2022-06-20 15:05 – Updated: 2024-08-03 07:54
VLAI
Summary
Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/CZ-NIC/knot-resolver/commit/cc… | x_refsource_MISC |
| https://knot-resolver.readthedocs.io/en/stable/mo… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CZ-NIC/knot-resolver/commit/ccb9d9794db5eb757c33becf65cb1cf48ecfd968"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#forwarding"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T15:05:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CZ-NIC/knot-resolver/commit/ccb9d9794db5eb757c33becf65cb1cf48ecfd968"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#forwarding"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CZ-NIC/knot-resolver/commit/ccb9d9794db5eb757c33becf65cb1cf48ecfd968",
"refsource": "MISC",
"url": "https://github.com/CZ-NIC/knot-resolver/commit/ccb9d9794db5eb757c33becf65cb1cf48ecfd968"
},
{
"name": "https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#forwarding",
"refsource": "MISC",
"url": "https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#forwarding"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32983",
"datePublished": "2022-06-20T15:05:01.000Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:54:03.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40083 (GCVE-0-2021-40083)
Vulnerability from cvelistv5 – Published: 2021-08-25 00:21 – Updated: 2024-08-04 02:27
VLAI
Summary
Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://gitlab.nic.cz/knot/knot-resolver/-/merge_… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-25T00:21:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169",
"refsource": "MISC",
"url": "https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40083",
"datePublished": "2021-08-25T00:21:43.000Z",
"dateReserved": "2021-08-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26928 (GCVE-0-2021-26928)
Vulnerability from cvelistv5 – Published: 2021-06-04 20:13 – Updated: 2024-08-03 20:33 Disputed
VLAI
Summary
BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera’s area of responsibility; however, Tigera disagrees
Severity
6.8 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cyberark.com/resources/threat-researc… | x_refsource_MISC |
Impacted products
Date Public
2021-05-17 00:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nic:bird:2.0.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bird",
"vendor": "nic",
"versions": [
{
"status": "affected",
"version": "2.0.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26928",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T15:15:54.826946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:20.017Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera\u2019s area of responsibility; however, Tigera disagrees"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T20:13:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-2"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera\u2019s area of responsibility; however, Tigera disagrees."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-2",
"refsource": "MISC",
"url": "https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26928",
"datePublished": "2021-06-04T20:13:28.000Z",
"dateReserved": "2021-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:33:41.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1110 (GCVE-0-2018-1110)
Vulnerability from cvelistv5 – Published: 2021-03-30 01:55 – Updated: 2024-08-05 03:51
VLAI
Summary
A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1944328 | x_refsource_MISC |
| https://www.knot-resolver.cz/2018-04-23-knot-reso… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | knot-resolver |
Affected:
Knot Resolver 2.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944328"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.knot-resolver.cz/2018-04-23-knot-resolver-2.3.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "knot-resolver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Knot Resolver 2.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-30T01:55:31.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944328"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.knot-resolver.cz/2018-04-23-knot-resolver-2.3.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "knot-resolver",
"version": {
"version_data": [
{
"version_value": "Knot Resolver 2.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1944328",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944328"
},
{
"name": "https://www.knot-resolver.cz/2018-04-23-knot-resolver-2.3.0.html",
"refsource": "MISC",
"url": "https://www.knot-resolver.cz/2018-04-23-knot-resolver-2.3.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1110",
"datePublished": "2021-03-30T01:55:31.000Z",
"dateReserved": "2017-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:51:48.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3346 (GCVE-0-2021-3346)
Vulnerability from cvelistv5 – Published: 2021-01-29 16:38 – Updated: 2024-08-03 16:53
VLAI
Summary
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.turris.com/ | x_refsource_MISC |
| https://gitlab.nic.cz/turris/foris/foris/-/issues/201 | x_refsource_MISC |
| https://gitlab.nic.cz/turris/foris/foris/-/blob/m… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.turris.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.nic.cz/turris/foris/foris/-/issues/201"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.nic.cz/turris/foris/foris/-/blob/master/CHANGELOG.rst"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-29T16:38:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.turris.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.nic.cz/turris/foris/foris/-/issues/201"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.nic.cz/turris/foris/foris/-/blob/master/CHANGELOG.rst"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.turris.com/",
"refsource": "MISC",
"url": "https://www.turris.com/"
},
{
"name": "https://gitlab.nic.cz/turris/foris/foris/-/issues/201",
"refsource": "MISC",
"url": "https://gitlab.nic.cz/turris/foris/foris/-/issues/201"
},
{
"name": "https://gitlab.nic.cz/turris/foris/foris/-/blob/master/CHANGELOG.rst",
"refsource": "MISC",
"url": "https://gitlab.nic.cz/turris/foris/foris/-/blob/master/CHANGELOG.rst"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3346",
"datePublished": "2021-01-29T16:38:09.000Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:53:17.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12667 (GCVE-0-2020-12667)
Vulnerability from cvelistv5 – Published: 2020-05-19 00:00 – Updated: 2024-08-04 12:04
VLAI
Summary
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nic | knot_resolver |
Affected:
-
cpe:2.3:a:nic:knot_resolver:-:*:*:*:*:*:*:* |
Date Public
2020-05-19 00:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nic:knot_resolver:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "knot_resolver",
"vendor": "nic",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-12667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-26T17:02:23.525566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:29.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.knot-resolver.cz/2020-05-19-knot-resolver-5.1.1.html"
},
{
"name": "[oss-security] 20200519 [CVE-2020-12667] Knot Resolver 5.1.1 NXNSAttack mitigation",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://cyber-security-group.cs.tau.ac.il/#"
},
{
"name": "FEDORA-2020-bf68101ad3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76Y4FITMOH6RVPWAANGV7NB2ZHPJJGDQ/"
},
{
"name": "[debian-lts-announce] 20240426 [SECURITY] [DLA 3795-1] knot-resolver security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an \"NXNSAttack\" issue. This is triggered by random subdomains in the NSDNAME in NS records."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T07:06:02.945Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/"
},
{
"url": "https://www.knot-resolver.cz/2020-05-19-knot-resolver-5.1.1.html"
},
{
"name": "[oss-security] 20200519 [CVE-2020-12667] Knot Resolver 5.1.1 NXNSAttack mitigation",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/2"
},
{
"url": "http://cyber-security-group.cs.tau.ac.il/#"
},
{
"name": "FEDORA-2020-bf68101ad3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76Y4FITMOH6RVPWAANGV7NB2ZHPJJGDQ/"
},
{
"name": "[debian-lts-announce] 20240426 [SECURITY] [DLA 3795-1] knot-resolver security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12667",
"datePublished": "2020-05-19T00:00:00.000Z",
"dateReserved": "2020-05-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:04:22.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19331 (GCVE-0-2019-19331)
Vulnerability from cvelistv5 – Published: 2019-12-16 00:00 – Updated: 2024-08-05 02:16
VLAI
Summary
knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).
Severity
7.5 (High)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CZ.NIC | knot-resolver |
Affected:
4.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:46.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19331"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.knot-resolver.cz/2019-12-04-knot-resolver-4.3.0.html"
},
{
"name": "[debian-lts-announce] 20240426 [SECURITY] [DLA 3795-1] knot-resolver security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "knot-resolver",
"vendor": "CZ.NIC",
"versions": [
{
"status": "affected",
"version": "4.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T07:06:04.638Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19331"
},
{
"url": "https://www.knot-resolver.cz/2019-12-04-knot-resolver-4.3.0.html"
},
{
"name": "[debian-lts-announce] 20240426 [SECURITY] [DLA 3795-1] knot-resolver security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-19331",
"datePublished": "2019-12-16T00:00:00.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:46.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5661 (GCVE-0-2013-5661)
Vulnerability from cvelistv5 – Published: 2019-11-05 18:14 – Updated: 2024-08-06 17:15
VLAI
Summary
Cache Poisoning issue exists in DNS Response Rate Limiting.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661 | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
Date Public
2013-12-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cache Poisoning issue exists in DNS Response Rate Limiting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T18:14:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cache Poisoning issue exists in DNS Response Rate Limiting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-5661",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5661",
"datePublished": "2019-11-05T18:14:31.000Z",
"dateReserved": "2013-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:15:21.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16159 (GCVE-0-2019-16159)
Vulnerability from cvelistv5 – Published: 2019-09-09 14:34 – Updated: 2024-08-05 01:10
VLAI
Summary
BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://gitlab.labs.nic.cz/labs/bird/commit/8388f… | x_refsource_MISC |
| https://gitlab.labs.nic.cz/labs/bird/commit/1657c… | x_refsource_MISC |
| http://trubka.network.cz/pipermail/bird-users/201… | x_refsource_MISC |
| http://trubka.network.cz/pipermail/bird-users/201… | x_refsource_MISC |
| http://trubka.network.cz/pipermail/bird-users/201… | x_refsource_MISC |
| http://bird.network.cz | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://seclists.org/bugtraq/2019/Sep/34 | mailing-listx_refsource_BUGTRAQ |
| https://www.debian.org/security/2019/dsa-4528 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://trubka.network.cz/pipermail/bird-users/2019-September/013718.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://trubka.network.cz/pipermail/bird-users/2019-September/013720.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://trubka.network.cz/pipermail/bird-users/2019-September/013722.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bird.network.cz"
},
{
"name": "FEDORA-2019-ace80f492e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F23NNAPXX65MGJQBPPTVGRV3T4XCKBV/"
},
{
"name": "FEDORA-2019-b629e3b97f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVNQJBZYGGNAJNGOFEBE3IAJME2QIZB/"
},
{
"name": "20190920 [SECURITY] [DSA 4528-1] bird security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/34"
},
{
"name": "DSA-4528",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4528"
},
{
"name": "openSUSE-SU-2019:2178",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00063.html"
},
{
"name": "openSUSE-SU-2019:2180",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00065.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon\u0027s support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-24T20:06:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://trubka.network.cz/pipermail/bird-users/2019-September/013718.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://trubka.network.cz/pipermail/bird-users/2019-September/013720.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://trubka.network.cz/pipermail/bird-users/2019-September/013722.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bird.network.cz"
},
{
"name": "FEDORA-2019-ace80f492e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F23NNAPXX65MGJQBPPTVGRV3T4XCKBV/"
},
{
"name": "FEDORA-2019-b629e3b97f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVNQJBZYGGNAJNGOFEBE3IAJME2QIZB/"
},
{
"name": "20190920 [SECURITY] [DSA 4528-1] bird security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/34"
},
{
"name": "DSA-4528",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4528"
},
{
"name": "openSUSE-SU-2019:2178",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00063.html"
},
{
"name": "openSUSE-SU-2019:2180",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00065.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon\u0027s support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c",
"refsource": "MISC",
"url": "https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c"
},
{
"name": "https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b",
"refsource": "MISC",
"url": "https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b"
},
{
"name": "http://trubka.network.cz/pipermail/bird-users/2019-September/013718.html",
"refsource": "MISC",
"url": "http://trubka.network.cz/pipermail/bird-users/2019-September/013718.html"
},
{
"name": "http://trubka.network.cz/pipermail/bird-users/2019-September/013720.html",
"refsource": "MISC",
"url": "http://trubka.network.cz/pipermail/bird-users/2019-September/013720.html"
},
{
"name": "http://trubka.network.cz/pipermail/bird-users/2019-September/013722.html",
"refsource": "MISC",
"url": "http://trubka.network.cz/pipermail/bird-users/2019-September/013722.html"
},
{
"name": "http://bird.network.cz",
"refsource": "MISC",
"url": "http://bird.network.cz"
},
{
"name": "FEDORA-2019-ace80f492e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4F23NNAPXX65MGJQBPPTVGRV3T4XCKBV/"
},
{
"name": "FEDORA-2019-b629e3b97f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MCVNQJBZYGGNAJNGOFEBE3IAJME2QIZB/"
},
{
"name": "20190920 [SECURITY] [DSA 4528-1] bird security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/34"
},
{
"name": "DSA-4528",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4528"
},
{
"name": "openSUSE-SU-2019:2178",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00063.html"
},
{
"name": "openSUSE-SU-2019:2180",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00065.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16159",
"datePublished": "2019-09-09T14:34:57.000Z",
"dateReserved": "2019-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:10:41.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10191 (GCVE-0-2019-10191)
Vulnerability from cvelistv5 – Published: 2019-07-16 17:52 – Updated: 2025-02-13 16:27
VLAI
Summary
A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.
Severity
6.3 (Medium)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://www.knot-resolver.cz/2019-07-10-knot-reso… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2024… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CZ.NIC | knot-resolver |
Affected:
all before 4.1.0
|
Date Public
2019-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10191"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html"
},
{
"name": "FEDORA-2019-fdb50c675d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZV5YZZ5766UIG2TFLFJL6EESQNAP5X5/"
},
{
"name": "FEDORA-2019-20f95b0b39",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMSSWBHINIX4WE6UDXWM66L7JYEK6XS6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "knot-resolver",
"vendor": "CZ.NIC",
"versions": [
{
"status": "affected",
"version": "all before 4.1.0"
}
]
}
],
"datePublic": "2019-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T07:06:06.865Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10191"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html"
},
{
"name": "FEDORA-2019-fdb50c675d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZV5YZZ5766UIG2TFLFJL6EESQNAP5X5/"
},
{
"name": "FEDORA-2019-20f95b0b39",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMSSWBHINIX4WE6UDXWM66L7JYEK6XS6/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10191",
"datePublished": "2019-07-16T17:52:43.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:21.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10190 (GCVE-0-2019-10190)
Vulnerability from cvelistv5 – Published: 2019-07-16 17:50 – Updated: 2025-02-13 16:27
VLAI
Summary
A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191.
Severity
5.4 (Medium)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://www.knot-resolver.cz/2019-07-10-knot-reso… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2024… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CZ.NIC | knot-resolver |
Affected:
from 3.2.0 before 4.1.0
|
Date Public
2019-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html"
},
{
"name": "FEDORA-2019-fdb50c675d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZV5YZZ5766UIG2TFLFJL6EESQNAP5X5/"
},
{
"name": "FEDORA-2019-20f95b0b39",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMSSWBHINIX4WE6UDXWM66L7JYEK6XS6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "knot-resolver",
"vendor": "CZ.NIC",
"versions": [
{
"status": "affected",
"version": "from 3.2.0 before 4.1.0"
}
]
}
],
"datePublic": "2019-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T07:06:05.111Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html"
},
{
"name": "FEDORA-2019-fdb50c675d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZV5YZZ5766UIG2TFLFJL6EESQNAP5X5/"
},
{
"name": "FEDORA-2019-20f95b0b39",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMSSWBHINIX4WE6UDXWM66L7JYEK6XS6/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10190",
"datePublished": "2019-07-16T17:50:05.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:20.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10920 (GCVE-0-2018-10920)
Vulnerability from cvelistv5 – Published: 2018-08-02 13:00 – Updated: 2024-08-05 07:54
VLAI
Summary
Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
Severity
7.5 (High)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.knot-resolver.cz/2018-08-02-knot-reso… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| cz.nic | knot-resolver |
Affected:
before 2.4.1
|
Date Public
2018-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10920"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "knot-resolver",
"vendor": "cz.nic",
"versions": [
{
"status": "affected",
"version": "before 2.4.1"
}
]
}
],
"datePublic": "2018-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-02T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10920"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10920",
"datePublished": "2018-08-02T13:00:00.000Z",
"dateReserved": "2018-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:54:36.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0486 (GCVE-0-2014-0486)
Vulnerability from cvelistv5 – Published: 2018-03-27 16:00 – Updated: 2024-08-06 09:20
VLAI
Summary
Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://gitlab.labs.nic.cz/knot/knot-dns/issues/294 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/70097 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:18.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.labs.nic.cz/knot/knot-dns/issues/294"
},
{
"name": "70097",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70097"
},
{
"name": "knotdns-cve20140486-dos(96185)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96185"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T15:57:02.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.labs.nic.cz/knot/knot-dns/issues/294"
},
{
"name": "70097",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70097"
},
{
"name": "knotdns-cve20140486-dos(96185)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96185"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.labs.nic.cz/knot/knot-dns/issues/294",
"refsource": "CONFIRM",
"url": "https://gitlab.labs.nic.cz/knot/knot-dns/issues/294"
},
{
"name": "70097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70097"
},
{
"name": "knotdns-cve20140486-dos(96185)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96185"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0486",
"datePublished": "2018-03-27T16:00:00.000Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:18.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000002 (GCVE-0-2018-1000002)
Vulnerability from cvelistv5 – Published: 2018-01-22 18:00 – Updated: 2024-08-05 12:33
VLAI
Summary
Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.knot-resolver.cz/2018-01-22-knot-reso… | x_refsource_CONFIRM |
Date Public
2018-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:48.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.knot-resolver.cz/2018-01-22-knot-resolver-1.5.2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-01-15T00:00:00.000Z",
"datePublic": "2018-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-22T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.knot-resolver.cz/2018-01-22-knot-resolver-1.5.2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-01-15",
"ID": "CVE-2018-1000002",
"REQUESTER": "petr.spacek@nic.cz",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.knot-resolver.cz/2018-01-22-knot-resolver-1.5.2.html",
"refsource": "CONFIRM",
"url": "https://www.knot-resolver.cz/2018-01-22-knot-resolver-1.5.2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000002",
"datePublished": "2018-01-22T18:00:00.000Z",
"dateReserved": "2018-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:33:48.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}