897928 – (CVE-2023-26249) <net-dns/knot-resolver-5.6.0: DoS via many TCP connections

Bug 897928 (CVE-2023-26249) - <net-dns/knot-resolver-5.6.0: DoS via many TCP connections

Summary: <net-dns/knot-resolver-5.6.0: DoS via many TCP connections

Status:	CONFIRMED

Alias:	CVE-2023-26249

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://www.knot-resolver.cz/2023-01-...
Whiteboard:	B3 [glsa?]
Keywords:

Depends on:	898036
Blocks:
	Show dependency tree

Reported:	2023-02-26 17:49 UTC by John Helmert III
Modified:	2023-02-27 18:22 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2023-02-26 17:49:39 UTC

CVE-2023-26249:

Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.

Please stabilize 5.6.0.

Comment 1 Larry the Git Cow gentoo-dev

2023-02-27 18:22:34 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1175a164201bad5751040ae5d4a008a31a783332

commit 1175a164201bad5751040ae5d4a008a31a783332
Author:     Matthew Smith <matthew@gentoo.org>
AuthorDate: 2023-02-27 18:22:19 +0000
Commit:     Matthew Smith <matthew@gentoo.org>
CommitDate: 2023-02-27 18:22:19 +0000

    net-dns/knot-resolver: drop 5.5.3
    
    Bug: https://bugs.gentoo.org/897928
    Signed-off-by: Matthew Smith <matthew@gentoo.org>

 net-dns/knot-resolver/Manifest                   |  2 -
 net-dns/knot-resolver/knot-resolver-5.5.3.ebuild | 93 ------------------------
 2 files changed, 95 deletions(-)