From: Vladimír Čunát <vladimir.cunat@nic.cz>
Date: Tue, 13 Feb 2024 11:43:16 +0000 (+0100)
Subject: Merge: mitigate CVE-2023-50387 "KeyTrap"
X-Git-Tag: v5.7.1~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=867b5f284fbd0ec1efcf293feef6c89b4313c4ae;p=thirdparty%2Fknot-resolver.git

Merge: mitigate CVE-2023-50387 "KeyTrap"

DNSSEC verification complexity could be exploited to exhaust CPU resources and stall DNS resolvers.

Solution boils down mainly to limiting crypto-validations per packet.
---

867b5f284fbd0ec1efcf293feef6c89b4313c4ae