CVE-2023-46317Knot Resolver vulnerability

5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 73.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cz.nic Knot-resolverNIC Knot Resolver
Timeline
PublishedOct 22
Latest updateOct 23

Description

Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDnic/knot_resolver< 5.7.0
Debiancz.nic/knot-resolver< 5.6.0-1+deb12u1+2

Patches

Patch: gitlab.nic.czPatch: gitlab.nic.cz

🔴Vulnerability Details

3
GHSA
GHSA-vwhm-7rfg-7rqc: Knot Resolver before 52023-10-23
CVEList
CVE-2023-46317: Knot Resolver before 52023-10-22
OSV
CVE-2023-46317: Knot Resolver before 52023-10-22

📋Vendor Advisories

1
Debian
CVE-2023-46317: knot-resolver - Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certai...2023
CVE-2023-46317 — NIC Knot Resolver vulnerability | cvebase