Vulnerability CVE-2019-19331


Published: 2019-12-16

Description:
knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).

Type:

CWE-404

(Improper Resource Shutdown or Release)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
NIC -> Knot resolver 
Debian -> Debian linux 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19331
https://www.knot-resolver.cz/2019-12-04-knot-resolver-4.3.0.html

Copyright 2024, cxsecurity.com

 

Back to Top