First published: Tue Feb 21 2023(Updated: )
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Go-resolver | <5.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-26249 is a vulnerability in Knot Resolver before version 5.6.0 that allows attackers to consume its resources, launch amplification attacks, and potentially cause a denial of service.
CVE-2023-26249 affects Knot Resolver before version 5.6.0 by allowing a single client query to lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.
CVE-2023-26249 has a severity rating of high, with a score of 7.5.
To fix the CVE-2023-26249 vulnerability, you should update Knot Resolver to version 5.6.0 or newer.
You can find more information about CVE-2023-26249 at the following link: [https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html](https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html).