DNS Traffic Amplification Vulnerability in Knot Resolver by CZ.NIC
CVE-2020-12667

7.5HIGH

Key Information:

Vendor: Nic
Status: Knot Resolver
Vendor: CVE Published:; 19 May 2020

What is CVE-2020-12667?

Knot Resolver prior to version 5.1.1 is susceptible to an NXNSAttack, allowing attackers to exploit crafted DNS responses from malicious servers. This vulnerability enables traffic amplification through random subdomains embedded in NS records, potentially leading to service disruption by overwhelming target systems with excessive traffic. Users of affected versions are strongly recommended to update to mitigate this serious risk.

References

https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-reso...

https://www.knot-resolver.cz/2020-05-19-knot-resolver-5.1...

http://www.openwall.com/lists/oss-security/2020/05/19/2

mailing-list

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2020
Vulnerability Reserved
May 5, 2020

CVE-2020-12667 Data

JSON

Nic

What is CVE-2020-12667?

References

CVSS V3.1

Timeline