Skip to main content

Knot Resolver CVE-2018-10920

MEDIUM
Improper Input Validation (CWE-20)
2018-08-02 secalert@redhat.com
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 02, 2018 - 13:29 nvd
MEDIUM 6.8

DescriptionNVD

Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.

AnalysisAI

Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. Affected products include: Nic Knot Resolver. Version information: before 2.4.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-19331 HIGH POC
7.5 Dec 16

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. Rated high severity

CVE-2023-46317 HIGH
7.5 Oct 22

Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers. Ra

CVE-2023-26249 HIGH
7.5 Feb 21

Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially c

CVE-2022-40188 HIGH
7.5 Sep 23

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic

CVE-2021-40083 HIGH
7.5 Aug 25

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 wit

CVE-2020-12667 HIGH
7.5 May 19

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka

CVE-2019-10191 HIGH
7.5 Jul 16

A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to do

CVE-2019-10190 HIGH
7.5 Jul 16

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allow

CVE-2022-32983 MEDIUM
5.3 Jun 20

Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filter

CVE-2018-1000002 LOW
3.7 Jan 22

Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in

Share

CVE-2018-10920 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy