CVE-2018-10920Improper Input Validation in Knot Resolver

CWE-20Improper Input Validation6 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
12.2%
top 6.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cz.nic Knot-resolverNIC Knot Resolver
Timeline
PublishedAug 2
Latest updateMay 13

Description

Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 2.2 | Impact: 4.0

Affected Packages3 packages

NVDnic/knot_resolver< 2.4.1
Debiancz.nic/knot-resolver< 2.4.1-1+3
CVEListV5cz.nic/knot-resolverbefore 2.4.1

🔴Vulnerability Details

3
GHSA
GHSA-xv4h-w5rx-q9c8: Improper input validation bug in DNS resolver component of Knot Resolver before 22022-05-13
CVEList
CVE-2018-10920: Improper input validation bug in DNS resolver component of Knot Resolver before 22018-08-02
OSV
CVE-2018-10920: Improper input validation bug in DNS resolver component of Knot Resolver before 22018-08-02

📋Vendor Advisories

1
Debian
CVE-2018-10920: knot-resolver - Improper input validation bug in DNS resolver component of Knot Resolver before ...2018

💬Community

1
Bugzilla
CVE-2018-10920 knot-resolver: Improper input validation bug in DNS resolver component2018-08-01
CVE-2018-10920 — Improper Input Validation | cvebase