Debian Security Advisory
DLA-3139-1 knot-resolver -- LTS security update
- Date Reported: 07 Oct 2022
- Affected Packages:
- Security database references: In Mitre's CVE dictionary: CVE-2022-40188.
- More information:
It was discovered that there was a potential remote denial-of-service vulnerability in the knot-resolver DNSSEC-validating DNS resolver.
Remote attackers could have caused a denial of service via CPU consumption by exploiting algorithmic complexity: during an attack, an authoritative server would return large nameserver or address sets.
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.
For Debian 10 Buster, these problems have been fixed in version 3.2.1-3+deb10u1.
We recommend that you upgrade your knot-resolver packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS