PT-2020-13194 · Cz.Nic+3 · Knot Resolver+3
Petr Špaček · Published 2020-05-19 · Updated 2024-10-01 · CVE-2020-12667
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Knot Resolver versions prior to 5.1.1
Description
The issue allows traffic amplification via a crafted DNS answer from an attacker-controlled server, also known as an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
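A defender-side check for the pattern described above, as an added example that is not part of the original advisory or of Knot Resolver's code. Each NS target that arrives without an address record is a name the resolver has to look up itself, so the sketch groups such targets by parent domain; the sample referral, the function names and the threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample: authority and additional sections of one referral in
# dig-style presentation format. All names and addresses are made up.
SAMPLE_REFERRAL = """\
sub.attacker.example. 3600 IN NS ns1.legit.example.
sub.attacker.example. 3600 IN NS k3v9q.victim.example.
sub.attacker.example. 3600 IN NS x8w2m.victim.example.
sub.attacker.example. 3600 IN NS p0z7c.victim.example.
sub.attacker.example. 3600 IN NS t4r1d.victim.example.
ns1.legit.example. 3600 IN A 192.0.2.53
"""

def parse_records(text):
    """Yield (owner, rtype, rdata) from 'owner ttl class type rdata' lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and not line.startswith(";"):
            yield fields[0].lower(), fields[3].upper(), fields[4].lower()

def glueless_ns_by_parent(text):
    """Map parent domain -> leftmost labels of NS targets that came without A/AAAA."""
    records = list(parse_records(text))
    glued = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    groups = defaultdict(set)
    for _, rtype, target in records:
        if rtype == "NS" and target not in glued:
            label, _, parent = target.partition(".")
            groups[parent].add(label)
    return dict(groups)

def suspicious_parents(text, max_glueless=3):
    """Parents with more than max_glueless distinct glueless NS labels.

    The threshold is an assumption for illustration, not a value from the advisory.
    """
    groups = glueless_ns_by_parent(text)
    return sorted(p for p, labels in groups.items() if len(labels) > max_glueless)

if __name__ == "__main__":
    for parent in suspicious_parents(SAMPLE_REFERRAL):
        print("referral fans out to many glueless NS names under", parent)
```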
Recommendations
For versions prior to 5.1.1, update to version 5.1.1 or later to resolve the issue. As a temporary workaround, consider restricting DNS answers from unknown or untrusted servers to minimize the risk of exploitation.
Fix
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Knot Resolver
Linuxmint
Ubuntu