ALT-PU-2024-2060-2
Package knot-resolver updated to version 5.7.0-alt1 for branch p10 in task 340322.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-32983
Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.
- https://github.com/CZ-NIC/knot-resolver/commit/ccb9d9794db5eb757c33becf65cb1cf48ecfd968
- https://github.com/CZ-NIC/knot-resolver/commit/ccb9d9794db5eb757c33becf65cb1cf48ecfd968
- https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#forwarding
- https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#forwarding
Modified: 2025-05-27
CVE-2022-40188
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.
- https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558
- https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558
- [debian-lts-announce] 20221008 [SECURITY] [DLA 3139-1] knot-resolver security update
- [debian-lts-announce] 20221008 [SECURITY] [DLA 3139-1] knot-resolver security update
- FEDORA-2022-357cc1a81b
- FEDORA-2022-357cc1a81b
- FEDORA-2022-68ad89b21c
- FEDORA-2022-68ad89b21c
- FEDORA-2022-2a4ca7b18d
- FEDORA-2022-2a4ca7b18d
Modified: 2025-03-14
CVE-2023-26249
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.
Modified: 2024-11-21
CVE-2023-46317
Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.