Vulnerability Description
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nic | Knot Resolver | < 5.5.3 |
| Fedoraproject | Fedora | 35 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558Release NotesThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/10/msg00008.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558Release NotesThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/10/msg00008.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2022-40188?
CVE-2022-40188 is a vulnerability with a CVSS score of 7.5 (HIGH). Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets...
How severe is CVE-2022-40188?
CVE-2022-40188 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-40188?
Check the references section above for vendor advisories and patch information. Affected products include: Nic Knot Resolver, Fedoraproject Fedora, Debian Debian Linux.