Improper Input Validation in DNSSEC Components of Knot Resolver
CVE-2018-1000002

3.7LOW

Key Information:

Vendor: Nic
Status: Knot Resolver
Vendor: CVE Published:; 22 January 2018

What is CVE-2018-1000002?

Improper input validation issues are present in the DNSSEC validators of Knot Resolver, allowing a potential attacker in a man-in-the-middle position to spoof DNS responses. This vulnerability can lead to scenarios where an attacker denies the existence of certain DNS data by leveraging packet replay techniques, compromising the integrity of DNS queries and responses. Users of versions prior to 1.5.2 of Knot Resolver should take immediate action to update their systems and mitigate any risks associated with this vulnerability.

References

https://www.knot-resolver.cz/2018-01-22-knot-resolver-1.5...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2018
Vulnerability Reserved
Jan 16, 2018

CVE-2018-1000002 Data

JSON

Nic

What is CVE-2018-1000002?

References

CVSS V3.1

Timeline