CVE-2016-6171

Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
knot-dnsknot_dns
𝑥
< 2.3.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
knot
bullseye
3.0.5-1+deb11u1
fixed
jessie
no-dsa
bookworm
3.2.6-1
fixed
trixie
3.4.0-4
fixed
sid
3.4.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
knot
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
needed
wily
ignored
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2016/07/06/3
http://www.openwall.com/lists/oss-security/2016/07/06/4
http://www.securityfocus.com/bid/91678
https://github.com/sischkg/xfer-limit/blob/master/README.md
https://gitlab.labs.nic.cz/labs/knot/blob/c546a70563ef4c7badb7cb5bdf6d1ba8e7adae82/NEWS
https://gitlab.labs.nic.cz/labs/knot/issues/464
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html
http://www.openwall.com/lists/oss-security/2016/07/06/3
http://www.openwall.com/lists/oss-security/2016/07/06/4
http://www.securityfocus.com/bid/91678
https://github.com/sischkg/xfer-limit/blob/master/README.md
https://gitlab.labs.nic.cz/labs/knot/blob/c546a70563ef4c7badb7cb5bdf6d1ba8e7adae82/NEWS
https://gitlab.labs.nic.cz/labs/knot/issues/464
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html