CVE-2016-6171

8.6 HIGH

Published: February 09, 2017 Modified: May 13, 2026

Description

Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/07/06/3

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/07/06/4

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://www.securityfocus.com/bid/91678

Source: secalert@redhat.com

Third Party Advisory VDB Entry

https://github.com/sischkg/xfer-limit/blob/master/README.md

Source: secalert@redhat.com

Patch Third Party Advisory

https://gitlab.labs.nic.cz/labs/knot/blob/c546a70563ef4c7badb7cb5bdf6d1ba8e7adae82/NEWS

Source: secalert@redhat.com

Release Notes VDB Entry

https://gitlab.labs.nic.cz/labs/knot/issues/464

Source: secalert@redhat.com

Vendor Advisory

https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html

Source: secalert@redhat.com

Technical Description

http://www.openwall.com/lists/oss-security/2016/07/06/3