CVE-2018-1110Improper Input Validation in Knot Resolver

CWE-20Improper Input Validation6 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 33.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cz.nic Knot-resolverNIC Knot Resolver
Timeline
PublishedMar 30
Latest updateMay 24

Description

A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDnic/knot_resolver< 2.3.0
Debiancz.nic/knot-resolver< 2.3.0-1+3
CVEListV5cz.nic/knot-resolverKnot Resolver 2.3.0

🔴Vulnerability Details

3
GHSA
GHSA-gv92-3p38-6rrw: A flaw was found in knot-resolver before version 22022-05-24
CVEList
CVE-2018-1110: A flaw was found in knot-resolver before version 22021-03-30
OSV
CVE-2018-1110: A flaw was found in knot-resolver before version 22021-03-30

💥Exploits & PoCs

1
Exploit-DB
CloudMe Sync 1.11.0 - Local Buffer Overflow2018-04-16

📋Vendor Advisories

1
Debian
CVE-2018-1110: knot-resolver - A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages m...2018
CVE-2018-1110 — Improper Input Validation | cvebase