There are 2 open security issues in bullseye.
2 issues left for the package maintainer to handle:
- CVE-2022-40188:
(needs triaging)
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.
- CVE-2023-26249:
(needs triaging)
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.
You can find information about how to handle these issues in the security team's documentation.