CVE-2018-1110: 
Linux Debian vulnerability analysis and mitigation

A flaw was discovered in Knot Resolver versions 2.2.0 and earlier, identified as CVE-2018-1110. The vulnerability involves improper input validation in the DNS resolver component, which allows remote attackers to cause denial of service through malformed DNS messages. The issue was discovered and fixed with the release of Knot Resolver 2.3.0 on April 23, 2018 (Knot Release, OSS Security).

The vulnerability is classified as CWE-20 (Improper Input Validation), along with CWE-476 and CWE-626. The attack vector is network-based with low attack complexity, requiring no privileges or user interaction. The scope is unchanged, with no impact on confidentiality, low impact on integrity, and high impact on availability (OSS Security).

When exploited, this vulnerability allows attackers to trigger program crashes, leading to denial of service in the affected Knot Resolver installations. The impact primarily affects the availability of the DNS resolver service (OSS Security).

The vulnerability was fixed in Knot Resolver version 2.3.0. Due to major changes in data structures, backporting fixes to older versions was deemed not feasible. The developers discontinued support for all versions older than 2.3.0 and strongly discouraged attempts to backport fixes due to the risk of introducing additional bugs (OSS Security).