CVE-2019-19331

HIGH

knot-resolver <4.3.0 - DoS

Title source: llm

Description

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).

References (3)

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html

[Exploit, Issue Tracking, Patch] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19331

[Release Notes, Vendor Advisory] https://www.knot-resolver.cz/2019-12-04-knot-resolver-4.3.0.html

Scores

CVSS v3 7.5

EPSS 0.0049

EPSS Percentile 65.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-407 CWE-404

Status published

Products (2)

debian/debian_linux 10.0

nic/knot_resolver < 4.3.0

Published Dec 16, 2019

Tracked Since Feb 18, 2026