CVE-2019-19331

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).

Published: Dec 16, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-19331
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-404

Affected Software
References

Software	From	Fixed in
nic / knot_resolver	-	4.3.0
debian / debian_linux	10.0	10.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19331
https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html
https://www.knot-resolver.cz/2019-12-04-knot-resolver-4.3.0.html

Vulnerability Database

289,599

CVE-2019-19331