Debian Security Advisory

DLA-3139-1 knot-resolver -- LTS security update

Date Reported:
07 Oct 2022
Affected Packages:
knot-resolver
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2022-40188.
More information:

It was discovered that there was a potential remote denial-of-service vulnerability in the knot-resolver DNSSEC-validating DNS resolver.

Remote attackers could have caused a denial of service via CPU consumption by exploiting algorithmic complexity: during an attack, an authoritative server would return large nameserver or address sets.

  • CVE-2022-40188

    Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.

For Debian 10 Buster, these problems have been fixed in version 3.2.1-3+deb10u1.

We recommend that you upgrade your knot-resolver packages.
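
To find hosts that still need this update, the following added example (not part of the advisory or of Debian's tooling) re-implements Debian version ordering and compares installed knot-resolver versions against the fixed version given above. The tab-separated inventory format, the host names and the installed versions are constructed for illustration, and every host is assumed to run Debian 10 Buster.

```python
import re
PACKAGE = "knot-resolver"
FIXED = "3.2.1-3+deb10u1"  # fixed version for Debian 10 Buster, from the advisory

def _order(ch):  # dpkg character order: '~' first, then letters, then other symbols
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    while a or b:  # alternate non-digit runs (by _order) and digit runs (numeric)
        na, a = re.match(r"(\D*)(.*)", a).groups()
        nb, b = re.match(r"(\D*)(.*)", b).groups()
        for i in range(max(len(na), len(nb))):
            x = _order(na[i]) if i < len(na) else 0
            y = _order(nb[i]) if i < len(nb) else 0
            if x != y:
                return -1 if x < y else 1
        da, a = re.match(r"(\d*)(.*)", a).groups()
        db, b = re.match(r"(\d*)(.*)", b).groups()
        x, y = int(da or 0), int(db or 0)
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def compare_versions(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

# Constructed inventory, one "host<TAB>package<TAB>version" line per installed package
INVENTORY = """\
dns-a\tknot-resolver\t3.2.1-3
dns-b\tknot-resolver\t3.2.1-3+deb10u1
dns-c\tbind9\t1:9.11.5-1
dns-d\tknot-resolver\t3.2.1-3+deb10u1~test1
"""

def hosts_needing_upgrade(inventory):
    rows = (line.split("\t") for line in inventory.splitlines() if line)
    return [h for h, pkg, ver in rows
            if pkg == PACKAGE and compare_versions(ver, FIXED) < 0]
```

On a Debian host itself, `dpkg --compare-versions` gives the authoritative answer; the Python comparison is for inventories processed elsewhere.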

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS