CVE-2019-19331 Information

Description

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (the limit is 64kB).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19331

https://www.knot-resolver.cz/2019-12-04-knot-resolver-4.3.0.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Base Severity

HIGH
