CVE-2022-40188 — Vulnetix

CVE-2022-40188 PUBLISHED CVSS 7.5 HIGH

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.

EPSS 0.29% · 52.9th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.29%

52.9th percentile

Affected Products

Vendor	Product	Versions
debian	debian_linux	10.0
nic	knot_resolver	0
n/a	n/a	*
fedoraproject	fedora	37, 35, 36

Timeline

Sep 23, 2022 CVE Published
Sep 24, 2022 EPSS Score
Nov 8, 2022 EPSS Score
Dec 22, 2022 EPSS Score
Feb 5, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 5, 2023 EPSS Score
Jun 18, 2023 EPSS Score
Aug 2, 2023 EPSS Score
Sep 15, 2023 EPSS Score
Oct 30, 2023 EPSS Score
Dec 14, 2023 EPSS Score

References

https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558 url
FEDORA-2022-68ad89b21c vendor-advisory
FEDORA-2022-357cc1a81b vendor-advisory
FEDORA-2022-2a4ca7b18d vendor-advisory
[debian-lts-announce] 20221008 [SECURITY] [DLA 3139-1] knot-resolver security update mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2022-40188 advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG url

Open in Interactive Console →