CVE-2023-46317

Name of the Vulnerable Software and Affected Versions Knot Resolver versions prior to 5.7.0

Description The issue exists due to insufficient input validation in the DNS translator. It allows a remote attacker to cause a denial of service (DoS) by making multiple TCP connections. When the Knot Resolver receives certain nonsensical responses from servers, it performs many TCP reconnections.

Recommendations For versions prior to 5.7.0, update to version 5.7.0 or later to resolve the issue. As a temporary workaround, consider restricting the number of TCP reconnections to minimize the risk of exploitation.