Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-59094

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-02 Jul, 2026 | 19:40
Updated At-02 Jul, 2026 | 19:40
Rejected At-
Credits

Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each ** token without memoization, giving exponential worst-case complexity. The filepath_globpattern value is taken from the body of the unauthenticated HTTP endpoints /v1/retrieve, /v1/inputs and /v2/answer and compiled into a filter evaluated once per indexed document, with no length or **-count limit. A remote unauthenticated attacker can submit a short pattern containing many ** tokens to consume CPU for tens of seconds per request, and a small number of requests denies service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–ĽCommon Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:02 Jul, 2026 | 19:40
Updated At:02 Jul, 2026 | 19:40
Rejected At:
â–ĽCVE Numbering Authority (CNA)
Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each ** token without memoization, giving exponential worst-case complexity. The filepath_globpattern value is taken from the body of the unauthenticated HTTP endpoints /v1/retrieve, /v1/inputs and /v2/answer and compiled into a filter evaluated once per indexed document, with no length or **-count limit. A remote unauthenticated attacker can submit a short pattern containing many ** tokens to consume CPU for tens of seconds per request, and a small number of requests denies service.

Affected Products
Vendor
pathwaycom
Product
pathway
Repo
https://github.com/pathwaycom/pathway
Default Status
unaffected
Versions
Affected
  • From 0 through 0.31.1 (semver)
Unaffected
  • d09722eef03fd94bba701836eb4c7fbfa3d3b88e (git)
Problem Types
TypeCWE IDDescription
CWECWE-407Inefficient Algorithmic Complexity
Type: CWE
CWE ID: CWE-407
Description: Inefficient Algorithmic Complexity
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
George Chen
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/pathwaycom/pathway/issues/241
technical-description
exploit
https://github.com/pathwaycom/pathway/pull/250
issue-tracking
https://github.com/pathwaycom/pathway/commit/d09722eef03fd94bba701836eb4c7fbfa3d3b88e
patch
https://www.vulncheck.com/advisories/pathway-unauthenticated-denial-of-service-via-exponential-glob-pattern-matching-in-document-store
third-party-advisory
Hyperlink: https://github.com/pathwaycom/pathway/issues/241
Resource:
technical-description
exploit
Hyperlink: https://github.com/pathwaycom/pathway/pull/250
Resource:
issue-tracking
Hyperlink: https://github.com/pathwaycom/pathway/commit/d09722eef03fd94bba701836eb4c7fbfa3d3b88e
Resource:
patch
Hyperlink: https://www.vulncheck.com/advisories/pathway-unauthenticated-denial-of-service-via-exponential-glob-pattern-matching-in-document-store
Resource:
third-party-advisory
Information is not available yet
â–ĽNational Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:02 Jul, 2026 | 20:17
Updated At:02 Jul, 2026 | 20:17

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each ** token without memoization, giving exponential worst-case complexity. The filepath_globpattern value is taken from the body of the unauthenticated HTTP endpoints /v1/retrieve, /v1/inputs and /v2/answer and compiled into a filter evaluated once per indexed document, with no length or **-count limit. A remote unauthenticated attacker can submit a short pattern containing many ** tokens to consume CPU for tens of seconds per request, and a small number of requests denies service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-407Primarydisclosure@vulncheck.com
CWE ID: CWE-407
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/pathwaycom/pathway/commit/d09722eef03fd94bba701836eb4c7fbfa3d3b88edisclosure@vulncheck.com
N/A
https://github.com/pathwaycom/pathway/issues/241disclosure@vulncheck.com
N/A
https://github.com/pathwaycom/pathway/pull/250disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/pathway-unauthenticated-denial-of-service-via-exponential-glob-pattern-matching-in-document-storedisclosure@vulncheck.com
N/A
Hyperlink: https://github.com/pathwaycom/pathway/commit/d09722eef03fd94bba701836eb4c7fbfa3d3b88e
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/pathwaycom/pathway/issues/241
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/pathwaycom/pathway/pull/250
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/pathway-unauthenticated-denial-of-service-via-exponential-glob-pattern-matching-in-document-store
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

64Records found

CVE-2023-24824
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.03% / 59.41%
||
7 Day CHG~0.00%
Published-31 Mar, 2023 | 22:01
Updated-11 Feb, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quadratic complexity may lead to a denial of service in cmark-gfm

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.

Action-Not Available
Vendor-GitHub, Inc.
Product-cmark-gfmcmark-gfm
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2026-1285
Matching Score-4
Assigner-6a34fbeb-21d4-45e7-8e0a-62b95bc12c92
ShareView Details
Matching Score-4
Assigner-6a34fbeb-21d4-45e7-8e0a-62b95bc12c92
CVSS Score-7.5||HIGH
EPSS-0.99% / 58.34%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:35
Updated-04 Feb, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

Action-Not Available
Vendor-Django
Product-djangoDjango
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2025-64458
Matching Score-4
Assigner-6a34fbeb-21d4-45e7-8e0a-62b95bc12c92
ShareView Details
Matching Score-4
Assigner-6a34fbeb-21d4-45e7-8e0a-62b95bc12c92
CVSS Score-7.5||HIGH
EPSS-1.93% / 77.54%
||
7 Day CHG+0.03%
Published-05 Nov, 2025 | 15:07
Updated-10 Nov, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

Action-Not Available
Vendor-Django
Product-djangoDjango
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2026-13311
Matching Score-4
Assigner-7ffcee3d-2c14-4c3e-b844-86c6a321a158
ShareView Details
Matching Score-4
Assigner-7ffcee3d-2c14-4c3e-b844-86c6a321a158
CVSS Score-8.7||HIGH
EPSS-0.36% / 28.01%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 04:48
Updated-26 Jun, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
shell-quote parse() is quadratic in token count, enabling denial of service

shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse() runs in O(n^2) time relative to the number of input tokens. An attacker who can supply an attacker-controlled string to any code path that calls parse() (no shell metacharacters are required; plain space-separated words suffice) can block the single-threaded Node.js event loop for an extended period with a small input, resulting in a denial of service. There is no code execution or data disclosure; impact is to availability only. Fixed in 1.8.5.

Action-Not Available
Vendor-shell-quote_projectljharb
Product-shell-quoteshell-quote
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2022-45061
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.45% / 82.42%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

Action-Not Available
Vendor-n/aFedora ProjectPython Software FoundationNetApp, Inc.
Product-hcie-series_performance_analyzermanagement_services_for_element_softwareelement_softwarepythonhci_compute_nodeontap_select_deploy_administration_utilitybootstrap_osfedoraactive_iq_unified_managern/a
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2023-22483
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.5||LOW
EPSS-1.07% / 60.83%
||
7 Day CHG+0.13%
Published-23 Jan, 2023 | 22:36
Updated-10 Mar, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cmark-gfm Quadratic complexity bugs may lead to a denial of service

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7.

Action-Not Available
Vendor-GitHub, Inc.
Product-cmark-gfmcmark-gfm
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2023-22486
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.5||LOW
EPSS-1.11% / 61.86%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 02:30
Updated-10 Mar, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cmark-gfm Quadratic complexity bug in handle_close_bracket may lead to a denial of service

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.

Action-Not Available
Vendor-GitHub, Inc.
Product-cmark-gfmcmark-gfm
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2022-40188
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.45% / 70.25%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 00:00
Updated-27 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.

Action-Not Available
Vendor-nicn/aDebian GNU/LinuxFedora Project
Product-knot_resolverfedoradebian_linuxn/a
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2021-33582
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.07% / 86.03%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 05:32
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

Action-Not Available
Vendor-cyrusn/aDebian GNU/LinuxFedora Project
Product-imapdebian_linuxfedoran/a
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2025-62727
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.64% / 46.13%
||
7 Day CHG~0.00%
Published-28 Oct, 2025 | 20:14
Updated-04 Nov, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1.

Action-Not Available
Vendor-Kludex
Product-starlette
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2025-58187
Matching Score-4
Assigner-Go Project
ShareView Details
Matching Score-4
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.41%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 22:10
Updated-29 Jan, 2026 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quadratic complexity when checking name constraints in crypto/x509

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/x509
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2023-22484
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.5||LOW
EPSS-0.96% / 57.09%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 22:42
Updated-10 Mar, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Quadratic complexity bug in handle_pointy_brace may lead to a denial of service

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.

Action-Not Available
Vendor-GitHub, Inc.
Product-cmark-gfmcmark-gfm
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2020-3548
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.81% / 52.41%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 15:53
Updated-31 Jul, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Email Security Appliance Denial Of Service Vulnerability

A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient processing of incoming TLS traffic. An attacker could exploit this vulnerability by sending a series of crafted TLS packets to an affected device. A successful exploit could allow the attacker to trigger a prolonged state of high CPU utilization. The affected device would still be operative, but response time and overall performance may be degraded.There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-email_security_applianceCisco Secure Emailsecure_email
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2019-19331
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.17% / 80.03%
||
7 Day CHG~0.00%
Published-16 Dec, 2019 | 00:00
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).

Action-Not Available
Vendor-nicCZ.NICDebian GNU/Linux
Product-knot_resolverdebian_linuxknot-resolver
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CWE ID-CWE-404
Improper Resource Shutdown or Release
  • Previous
  • 1
  • 2
  • Next
Details not found