CVE-2019-19331
Ubuntu Security Notice USN-7047-1
Severity Score
Exploit Likelihood
Affected Versions
2Public Exploits
1Exploited in Wild
-Decision
Descriptions
knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).
knot-resolver versiones anteriores a 4.3.0, es vulnerable a una denegación de servicio por medio de una alta utilización de la CPU. Las respuestas de DNS con muchos registros de recursos podrían ser procesadas de manera muy ineficiente, en casos extremos, tomar incluso varios segundos de CPU para cada mensaje no almacenado en caché. Por ejemplo, algunos miles de registros A pueden ser agrupados en un mensaje DNS (el límite es 64kB).
VladimÃr Äunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to bypass certain validations. VladimÃr Äunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to downgrade DNSSEC-secure domains to a DNSSEC-insecure state, resulting in a domain hijacking attack.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-27 CVE Reserved
- 2019-12-16 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-404: Improper Resource Shutdown or Release
- CWE-407: Inefficient Algorithmic Complexity
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2024/0... | Mailing List |
|
| URL | Date | SRC |
|---|