Skip to main content

Knot Resolver CVE-2020-12667

HIGH
Uncontrolled Resource Consumption (CWE-400)
2020-05-19 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 19, 2020 - 13:15 nvd
HIGH 7.5

DescriptionNVD

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

AnalysisAI

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. Affected products include: Nic Knot Resolver. Version information: before 5.1.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2019-19331 HIGH POC
7.5 Dec 16

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. Rated high severity

CVE-2023-46317 HIGH
7.5 Oct 22

Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers. Ra

CVE-2023-26249 HIGH
7.5 Feb 21

Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially c

CVE-2022-40188 HIGH
7.5 Sep 23

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic

CVE-2021-40083 HIGH
7.5 Aug 25

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 wit

CVE-2019-10191 HIGH
7.5 Jul 16

A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to do

CVE-2019-10190 HIGH
7.5 Jul 16

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allow

CVE-2018-10920 MEDIUM
6.8 Aug 02

Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison c

CVE-2022-32983 MEDIUM
5.3 Jun 20

Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filter

CVE-2018-1000002 LOW
3.7 Jan 22

Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in

Share

CVE-2020-12667 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy