CVE-2019-19331
First published: Mon Dec 16 2019(Updated: )
knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nic Knot Resolver | <4.3.0 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-19331?
CVE-2019-19331 is a vulnerability in knot-resolver before version 4.3.0 that can be exploited to cause denial of service through high CPU utilization.
How severe is CVE-2019-19331?
CVE-2019-19331 has a severity rating of high with a CVSS score of 7.5.
Which software versions are affected by CVE-2019-19331?
Versions of knot-resolver up to, but not including, 4.3.0 are affected by CVE-2019-19331.
How can CVE-2019-19331 be exploited?
CVE-2019-19331 can be exploited by sending DNS replies with a large number of resource records, causing inefficient processing and high CPU utilization.
How can I fix CVE-2019-19331?
To fix CVE-2019-19331, upgrade knot-resolver to version 4.3.0 or later.
- collector/nvd-index
- agent/type
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/references
- agent/softwarecombine
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/nic
- canonical/nic knot resolver
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0