CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-19331

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.8%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2019-19331

Nic » Knot Resolver » Version: N/A

cpe:2.3:a:nic:knot_resolver:-
Nic » Knot Resolver » Version: 1.0.0

cpe:2.3:a:nic:knot_resolver:1.0.0
Nic » Knot Resolver » Version: 1.1.0

cpe:2.3:a:nic:knot_resolver:1.1.0
Nic » Knot Resolver » Version: 1.1.1

cpe:2.3:a:nic:knot_resolver:1.1.1
Nic » Knot Resolver » Version: 1.2.0

cpe:2.3:a:nic:knot_resolver:1.2.0
Nic » Knot Resolver » Version: 1.2.1

cpe:2.3:a:nic:knot_resolver:1.2.1
Nic » Knot Resolver » Version: 1.2.2

cpe:2.3:a:nic:knot_resolver:1.2.2
Nic » Knot Resolver » Version: 1.2.3

cpe:2.3:a:nic:knot_resolver:1.2.3
Nic » Knot Resolver » Version: 1.2.4

cpe:2.3:a:nic:knot_resolver:1.2.4
Nic » Knot Resolver » Version: 1.2.5

cpe:2.3:a:nic:knot_resolver:1.2.5
Nic » Knot Resolver » Version: 1.2.6

cpe:2.3:a:nic:knot_resolver:1.2.6
Nic » Knot Resolver » Version: 1.3.0

cpe:2.3:a:nic:knot_resolver:1.3.0
Nic » Knot Resolver » Version: 1.3.1

cpe:2.3:a:nic:knot_resolver:1.3.1
Nic » Knot Resolver » Version: 1.3.2

cpe:2.3:a:nic:knot_resolver:1.3.2
Nic » Knot Resolver » Version: 1.3.3

cpe:2.3:a:nic:knot_resolver:1.3.3
Nic » Knot Resolver » Version: 1.4.0

cpe:2.3:a:nic:knot_resolver:1.4.0
Nic » Knot Resolver » Version: 1.5.0

cpe:2.3:a:nic:knot_resolver:1.5.0
Nic » Knot Resolver » Version: 1.5.1

cpe:2.3:a:nic:knot_resolver:1.5.1
Nic » Knot Resolver » Version: 1.5.2

cpe:2.3:a:nic:knot_resolver:1.5.2
Nic » Knot Resolver » Version: 1.5.3

cpe:2.3:a:nic:knot_resolver:1.5.3
Nic » Knot Resolver » Version: 1.99.1

cpe:2.3:a:nic:knot_resolver:1.99.1
Nic » Knot Resolver » Version: 2.0.0

cpe:2.3:a:nic:knot_resolver:2.0.0
Nic » Knot Resolver » Version: 2.1.0

cpe:2.3:a:nic:knot_resolver:2.1.0
Nic » Knot Resolver » Version: 2.1.1

cpe:2.3:a:nic:knot_resolver:2.1.1
Nic » Knot Resolver » Version: 2.2.0

cpe:2.3:a:nic:knot_resolver:2.2.0
Nic » Knot Resolver » Version: 2.3.0

cpe:2.3:a:nic:knot_resolver:2.3.0
Nic » Knot Resolver » Version: 2.4.0

cpe:2.3:a:nic:knot_resolver:2.4.0
Nic » Knot Resolver » Version: 2.4.1

cpe:2.3:a:nic:knot_resolver:2.4.1
Nic » Knot Resolver » Version: 3.0.0

cpe:2.3:a:nic:knot_resolver:3.0.0
Nic » Knot Resolver » Version: 3.1.0

cpe:2.3:a:nic:knot_resolver:3.1.0
Nic » Knot Resolver » Version: 3.2.0

cpe:2.3:a:nic:knot_resolver:3.2.0
Nic » Knot Resolver » Version: 3.2.1

cpe:2.3:a:nic:knot_resolver:3.2.1
Nic » Knot Resolver » Version: 4.0.0

cpe:2.3:a:nic:knot_resolver:4.0.0
Nic » Knot Resolver » Version: 4.1.0

cpe:2.3:a:nic:knot_resolver:4.1.0
Nic » Knot Resolver » Version: 4.2.0

cpe:2.3:a:nic:knot_resolver:4.2.0
Nic » Knot Resolver » Version: 4.2.1

cpe:2.3:a:nic:knot_resolver:4.2.1
Nic » Knot Resolver » Version: 4.2.2

cpe:2.3:a:nic:knot_resolver:4.2.2
Debian » Debian Linux » Version: 10.0

cpe:2.3:o:debian:debian_linux:10.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-19331

Products

Pricing

Contact Us