Description
Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.
References (7)
Core 7
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/07/06/3
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91678
Technical Description mailing-list
x_refsource_mlist
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/07/06/4
Release Notes, VDB Entry x_refsource_confirm
https://gitlab.labs.nic.cz/labs/knot/blob/c546a70563ef4c7badb7cb5bdf6d1ba8e7adae82/NEWS
Vendor Advisory x_refsource_confirm
https://gitlab.labs.nic.cz/labs/knot/issues/464
Patch, Third Party Advisory x_refsource_misc
https://github.com/sischkg/xfer-limit/blob/master/README.md
Scores
CVSS v3
8.6
EPSS
0.0209
EPSS Percentile
84.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (1)
knot-dns/knot_dns
< 2.3.0
Published
Feb 09, 2017
Tracked Since
Feb 18, 2026