Vulnerabilities > NIC > Knot Resolver > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-14 | CVE-2023-50387 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. | 7.5 |
| 2023-10-22 | CVE-2023-46317 | Unspecified vulnerability in NIC Knot Resolver Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers. | 7.5 |
| 2023-02-21 | CVE-2023-26249 | Allocation of Resources Without Limits or Throttling vulnerability in NIC Knot Resolver Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. | 7.5 |
| 2022-09-23 | CVE-2022-40188 | Algorithmic Complexity vulnerability in multiple products Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. | 7.5 |
| 2021-08-25 | CVE-2021-40083 | Reachable Assertion vulnerability in NIC Knot Resolver Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). | 7.5 |
| 2021-03-30 | CVE-2018-1110 | Improper Input Validation vulnerability in NIC Knot Resolver A flaw was found in knot-resolver before version 2.3.0. | 7.5 |
| 2020-05-19 | CVE-2020-12667 | Resource Exhaustion vulnerability in NIC Knot Resolver Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. | 7.5 |
| 2019-12-16 | CVE-2019-19331 | Improper Resource Shutdown or Release vulnerability in multiple products knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. | 7.5 |
| 2019-07-16 | CVE-2019-10191 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol. | 7.5 |
| 2019-07-16 | CVE-2019-10190 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. | 7.5 |