Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-19331

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).

Published

2019-12-16T16:15:11.660

Last Modified

2024-11-21T04:34:35.420

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-407
Type: Primary
CWE-404

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nic	knot_resolver	< 4.3.0	Yes
Operating System	debian	debian_linux	10.0	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19331 Exploit, Issue Tracking, Patch ([email protected])
https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html ([email protected])
https://www.knot-resolver.cz/2019-12-04-knot-resolver-4.3.0.html Release Notes, Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19331 Exploit, Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.knot-resolver.cz/2019-12-04-knot-resolver-4.3.0.html Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)