CVE-2019-19331
HIGHknot_resolver < 4.3.0 - Denial of Service via Inefficient DNS Resource Record Processing
Title source: llmDescription
knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).
References (3)
Core 3
Core References
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html
Exploit, Issue Tracking, Patch
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19331
Release Notes, Vendor Advisory
https://www.knot-resolver.cz/2019-12-04-knot-resolver-4.3.0.html
Scores
CVSS v3
7.5
EPSS
0.0217
EPSS Percentile
79.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-407
CWE-404
Status
published
Products (2)
debian/debian_linux
10.0
nic/knot_resolver
< 4.3.0
Published
Dec 16, 2019
Tracked Since
Feb 18, 2026