VulnerableCode Package Details - pkg:deb/debian/knot-resolver@5.0.1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-8ks2-kv5d-gkdc	knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).	CVE-2019-19331
VCID-fptj-ztkq-7uag	A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.	CVE-2019-10191
VCID-g2wb-bccm-ufhn	A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191.	CVE-2019-10190

Vulnerability

Summary

Aliases

VCID-8ks2-kv5d-gkdc

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).

CVE-2019-19331

VCID-fptj-ztkq-7uag

A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.

CVE-2019-10191

VCID-g2wb-bccm-ufhn

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191.

CVE-2019-10190

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:11:00.123517+00:00	Debian Importer	Fixing	VCID-8ks2-kv5d-gkdc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:01:10.465477+00:00	Debian Importer	Fixing	VCID-fptj-ztkq-7uag	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:44:22.584716+00:00	Debian Importer	Fixing	VCID-g2wb-bccm-ufhn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:04:16.349951+00:00	Debian Importer	Fixing	VCID-8ks2-kv5d-gkdc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:28:48.130015+00:00	Debian Importer	Fixing	VCID-fptj-ztkq-7uag	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:52:16.144886+00:00	Debian Importer	Fixing	VCID-g2wb-bccm-ufhn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:28:05.902084+00:00	Debian Importer	Fixing	VCID-8ks2-kv5d-gkdc	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:28:05.852609+00:00	Debian Importer	Fixing	VCID-fptj-ztkq-7uag	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:28:05.803806+00:00	Debian Importer	Fixing	VCID-g2wb-bccm-ufhn	https://security-tracker.debian.org/tracker/data/json	38.1.0