knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies containing a very large number of resource records might be processed very inefficiently, in extreme cases taking several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (the limit is 64 kB).
References
| Link | Resource |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19331 | Exploit, Issue Tracking, Patch |
| https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html | |
| https://www.knot-resolver.cz/2019-12-04-knot-resolver-4.3.0.html | Release Notes, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2019-12-16T00:00:00
Updated: 2024-04-26T07:06:04.638101
Reserved: 2019-11-27T00:00:00
Link: CVE-2019-19331
NVD Information
Status: Modified
Published: 2019-12-16T16:15:11.660
Modified: 2024-04-26T07:15:47.327
Link: CVE-2019-19331
Redhat Information
No data.