Bug 1944328 (CVE-2018-1110) - CVE-2018-1110 knot-resolver: Denial of service triggered by malformed DNS messages
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-1110
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1944324
Reported: 2021-03-29 18:30 UTC by Pedro Sampaio
Modified: 2023-11-21 05:12 UTC (History)

Fixed In Version: Knot Resolver 2.3.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in knot-resolver. Malformed DNS messages may cause denial of service. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2023-11-21 05:12:27 UTC
Embargoed:



Description Pedro Sampaio 2021-03-29 18:30:37 UTC
A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.

References:

https://www.knot-resolver.cz/2018-04-23-knot-resolver-2.3.0.html

Comment 1 Pedro Sampaio 2021-03-29 18:31:29 UTC
External References:

https://www.knot-resolver.cz/2018-04-23-knot-resolver-2.3.0.html

Comment 2 Petr Špaček 2021-03-30 06:06:21 UTC
For my education, what is this? This bug was fixed three years ago - why do we need an open Bugzilla for it now?

Thank you for the information.

Comment 3 Pedro Sampaio 2021-03-30 13:36:39 UTC
In reply to comment #2:
> For my education, what is this? This bug was fixed three years ago - why do
> we need an open Bugzilla for it now?
> 
> Thank you for the information.

The CVE was assigned by Red Hat so we must have a bug to reference in the publication to Mitre's site.

Comment 6 Jakub Ruzicka 2023-11-09 17:57:12 UTC
Why am I needinfo here? Why is anyone needinfo here, actually?

Why is no one assigned to this?

Why is this not closed?

C̵͉̎H̴̤̀A̸͕̽Ǫ̴̑S̶̠̉ ̵̳̀R̵̆ͅE̴̻̚Ȋ̶̫G̴͇̋Ṋ̶̇S̸͔̑

This bug was fixed a long time ago, as Petr noted. It was reported against 2.3.0, but all active Fedora/EPEL releases are at 5.7.0 - it's been 3 major releases since this bug.

I'd close this but I can't ಠ_ಠ

