Bug 1944328 (CVE-2018-1110) - CVE-2018-1110 knot-resolver: Denial of service triggered by malformed DNS messages
Summary: CVE-2018-1110 knot-resolver: Denial of service triggered by malformed DNS mes...
Keywords:
Status: NEW
Alias: CVE-2018-1110
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1944324
TreeView+ depends on / blocked
 
Reported: 2021-03-29 18:30 UTC by Pedro Sampaio
Modified: 2021-03-30 15:39 UTC (History)
6 users (show)

Fixed In Version: Knot Resolver 2.3.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in knot-resolver. Malformed DNS messages may cause denial of service. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:

Attachments (Terms of Use)

Description Pedro Sampaio 2021-03-29 18:30:37 UTC 
A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.

References:

https://www.knot-resolver.cz/2018-04-23-knot-resolver-2.3.0.html
Comment 1 Pedro Sampaio 2021-03-29 18:31:29 UTC 
External References:

https://www.knot-resolver.cz/2018-04-23-knot-resolver-2.3.0.html
Comment 2 Petr Špaček 2021-03-30 06:06:21 UTC 
For my education, what is this? This bug was fixed three years ago - why do we need an open Bugzilla for it now?

Thank you for information.
Comment 3 Pedro Sampaio 2021-03-30 13:36:39 UTC 
In reply to comment #2:
> For my education, what is this? This bug was fixed three years ago - why do
> we need an open Bugzilla for it now?
> 
> Thank you for information.

The CVE was assigned by Red Hat so we must have a bug to reference in the publication to Mitre's site.
Note You need to log in before you can comment on or make changes to this bug.