CVE-2022-40188

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-40188
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558 Release Notes Third Party Advisory
https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558 Release Notes Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00008.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00008.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG/
Configurations

Configuration 1 (hide)

cpe:2.3:a:nic:knot_resolver:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
History

27 May 2025, 15:15

Type Values Removed Values Added
References (CONFIRM) https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558 - Release Notes, Third Party Advisory () https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558 - Release Notes, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00008.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2022/10/msg00008.html - Mailing List, Third Party Advisory

07 Nov 2023, 03:52

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG/', 'name': 'FEDORA-2022-2a4ca7b18d', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL/', 'name': 'FEDORA-2022-357cc1a81b', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE/', 'name': 'FEDORA-2022-68ad89b21c', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL/ -

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-400 CWE-407
Information

Published : 2022-09-23 16:15

Updated : 2025-05-27 15:15

NVD link : CVE-2022-40188

Mitre link : CVE-2022-40188

JSON object : View

Products Affected

debian

  • debian_linux

nic

  • knot_resolver

fedoraproject

  • fedora
CWE
CWE-407

Inefficient Algorithmic Complexity