Skip to main content

Knot Resolver CVE-2019-10190

HIGH
Improper Input Validation (CWE-20)
2019-07-16 secalert@redhat.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 16, 2019 - 18:15 nvd
HIGH 7.5

DescriptionNVD

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191.

AnalysisAI

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191. Affected products include: Nic Knot Resolver, Fedoraproject Fedora. Version information: version 3.2.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-19331 HIGH POC
7.5 Dec 16

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. Rated high severity

CVE-2023-46317 HIGH
7.5 Oct 22

Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers. Ra

CVE-2023-26249 HIGH
7.5 Feb 21

Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially c

CVE-2022-40188 HIGH
7.5 Sep 23

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic

CVE-2021-40083 HIGH
7.5 Aug 25

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 wit

CVE-2020-12667 HIGH
7.5 May 19

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka

CVE-2019-10191 HIGH
7.5 Jul 16

A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to do

CVE-2018-10920 MEDIUM
6.8 Aug 02

Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison c

CVE-2022-32983 MEDIUM
5.3 Jun 20

Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filter

CVE-2018-1000002 LOW
3.7 Jan 22

Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in

Share

CVE-2019-10190 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy