git.ipfire.org Git - thirdparty/knot-resolver.git/commit

]> git.ipfire.org Git - thirdparty/knot-resolver.git/commit

projects / thirdparty / knot-resolver.git / commit

author	Vladimír Čunát <vladimir.cunat@nic.cz>
	Tue, 13 Feb 2024 11:43:16 +0000 (12:43 +0100)
committer	Vladimír Čunát <vladimir.cunat@nic.cz>
	Tue, 13 Feb 2024 11:43:16 +0000 (12:43 +0100)
commit	867b5f284fbd0ec1efcf293feef6c89b4313c4ae
tree	5a805e5c7af4fa361db69fa22e6aea9a54014928	tree
parent	79179c6f7ae24cf4ff0710203b57c5433f20734d	commit \| diff
parent	7b31e7e473746a455b714b34601c91101afe6a58	commit \| diff

Merge: mitigate CVE-2023-50387 "KeyTrap"

DNSSEC verification complexity could be exploited to exhaust CPU resources and stall DNS resolvers.

Solution boils down mainly to limiting crypto-validations per packet.

Mirror of https://gitlab.nic.cz/knot/knot-resolver.git

RSS Atom