What is CVE-2023-26249?

CVE-2023-26249 is a vulnerability in Knot Resolver before version 5.6.0 that allows attackers to consume its resources, launch amplification attacks, and potentially cause a denial of service.

How does CVE-2023-26249 affect Knot Resolver?

CVE-2023-26249 affects Knot Resolver before version 5.6.0 by allowing a single client query to lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.

What is the severity of CVE-2023-26249?

CVE-2023-26249 has a severity rating of high, with a score of 7.5.

How can I fix the CVE-2023-26249 vulnerability?

To fix the CVE-2023-26249 vulnerability, you should update Knot Resolver to version 5.6.0 or newer.

Where can I find more information about CVE-2023-26249?

You can find more information about CVE-2023-26249 at the following link: [https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html](https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html).

Vulnerability/
CVE-2023-26249

high

7.5

CWE

770

21/2/2023

2/3/2023

CVE-2023-26249

First published: Tue Feb 21 2023(Updated: )

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Nic Knot Resolver	<5.6.0

Never miss a vulnerability like this again

Reference Links

https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html

Frequently Asked Questions

What is CVE-2023-26249?
CVE-2023-26249 is a vulnerability in Knot Resolver before version 5.6.0 that allows attackers to consume its resources, launch amplification attacks, and potentially cause a denial of service.
How does CVE-2023-26249 affect Knot Resolver?
CVE-2023-26249 affects Knot Resolver before version 5.6.0 by allowing a single client query to lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.
What is the severity of CVE-2023-26249?
CVE-2023-26249 has a severity rating of high, with a score of 7.5.
How can I fix the CVE-2023-26249 vulnerability?
To fix the CVE-2023-26249 vulnerability, you should update Knot Resolver to version 5.6.0 or newer.
Where can I find more information about CVE-2023-26249?
You can find more information about CVE-2023-26249 at the following link: [https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html](https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html).

collector/nvd-index
vendor/nic
product/knot resolver
canonical/nic knot resolver

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.