CVE-2018-1000002: Input Validation
First published: Mon Jan 22 2018(Updated: )
Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Go-resolver | <1.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2018-1000002?
CVE-2018-1000002 is a vulnerability that allows an attacker in a man-in-the-middle position to deny the existence of some data in DNS via packet replay in Knot Resolver prior to version 1.5.2.
How severe is CVE-2018-1000002?
CVE-2018-1000002 has a severity rating of medium with a CVSS score of 3.7.
Which software is affected by CVE-2018-1000002?
Knot Resolver prior to version 1.5.2 is affected by CVE-2018-1000002.
How can an attacker exploit CVE-2018-1000002?
An attacker in a man-in-the-middle position can exploit CVE-2018-1000002 by replaying packets and denying the existence of certain data in DNS.
Is there a fix for CVE-2018-1000002?
Yes, the fix for CVE-2018-1000002 is available in Knot Resolver version 1.5.2 and later.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/softwarecombine
- vendor/nic
- canonical/go-resolver