CVE-2018-10920
published 2018-08-02CVE-2018-10920: Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
PriorityP337medium6.8CVSS 3.1
AVNACHPRNUINSCCNIHAN
EPSS
3.24%
86.7th percentile
Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cz.nic | knot-resolver | — | — |
| cz.nic | knot-resolver | >= 0 < 2.4.1-1 | 2.4.1-1 |
| cz.nic | knot-resolver | >= 0 < 2.4.1-1 | 2.4.1-1 |
| cz.nic | knot-resolver | >= 0 < 2.4.1-1 | 2.4.1-1 |
| cz.nic | knot-resolver | >= 0 < 2.4.1-1 | 2.4.1-1 |
| debian | knot-resolver | < knot-resolver 2.4.1-1 (bookworm) | knot-resolver 2.4.1-1 (bookworm) |
| nic | knot_resolver | < 2.4.1 | 2.4.1 |
CVSS provenance
nvdv3.16.8MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv6.8MEDIUM
vendor_debian6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2018-10920: knot-resolver - Improper input validation bug in DNS resolver component of Knot Resolver before ...
vendor_debian·2018·CVSS 6.8
CVE-2018-10920 [MEDIUM] CVE-2018-10920: knot-resolver - Improper input validation bug in DNS resolver component of Knot Resolver before ...
Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
Scope: local
bookworm: resolved (fixed in 2.4.1-1)
bullseye: resolved (fixed in 2.4.1-1)
forky: resolved (fixed in 2.4.1-1)
sid: resolved (fixed in 2.4.1-1)
trixie: resolved (fixed in 2.4.1-1)
GHSA
GHSA-xv4h-w5rx-q9c8: Improper input validation bug in DNS resolver component of Knot Resolver before 2
ghsa_unreviewed·2022-05-13
CVE-2018-10920 [MEDIUM] CWE-20 GHSA-xv4h-w5rx-q9c8: Improper input validation bug in DNS resolver component of Knot Resolver before 2
Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
OSV
CVE-2018-10920: Improper input validation bug in DNS resolver component of Knot Resolver before 2
osv·2018-08-02·CVSS 6.8
CVE-2018-10920 [MEDIUM] CVE-2018-10920: Improper input validation bug in DNS resolver component of Knot Resolver before 2
Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
No detection rules found.
No public exploits indexed.
2018-08-02
Published