CVE-2022-40188

CVE-2022-40188

Name

CVE-2022-40188

Description

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
CONFIRM	https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG/
Mailing List	https://lists.debian.org/debian-lts-announce/2022/10/msg00008.html
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG/

Type

URI

CONFIRM

https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG/

Mailing List

https://lists.debian.org/debian-lts-announce/2022/10/msg00008.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:nic:knot_resolver::::::::`	knot_resolver	>= None	< 5.5.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:nic:knot_resolver:*:*:*:*:*:*:*:*

knot_resolver

>= None

< 5.5.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
knot-resolver	edge-community	5.5.3-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
knot-resolver	3.22-community	5.5.3-r0	None	fixed
knot-resolver	3.21-community	5.5.3-r0	None	fixed
knot-resolver	3.20-community	5.5.3-r0	None	fixed
knot-resolver	3.19-community	5.5.3-r0	None	fixed
knot-resolver	3.18-community	5.5.3-r0	None	fixed
knot-resolver	3.17-community	5.5.3-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed

Source package

Branch

Version

Maintainer

Status

knot-resolver

edge-community

5.5.3-r0

Jakub Jirutka <jakub@jirutka.cz>

fixed

knot-resolver

3.22-community