CVE-2022-32983Authentication Bypass by Spoofing in Knot Resolver

CWE-290Authentication Bypass by Spoofing5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 39.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
NIC Knot Resolver
Timeline
PublishedJun 20
Latest updateJun 21

Description

Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-p3g6-9xqh-3vvh: Knot Resolver through 52022-06-21
CVEList
CVE-2022-32983: Knot Resolver through 52022-06-20
OSV
CVE-2022-32983: Knot Resolver through 52022-06-20

📋Vendor Advisories

1
Debian
CVE-2022-32983: knot-resolver - Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attem...2022
CVE-2022-32983 — Authentication Bypass by Spoofing | cvebase