Published: 16/07/2019 Updated: 12/02/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

A vulnerability exists in DNS resolver component of knot resolver through version 3.2.0 prior to 4.1.0 which allows remote malicious users to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nic knot resolver
fedoraproject fedora 29
fedoraproject fedora 30

Debian Bug report logs - #932048 knot-resolver: CVE-2019-10190 CVE-2019-10191 Package: src:knot-resolver; Maintainer for src:knot-resolver is knot-resolver packagers <knot-resolver@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 14 Jul 2019 12:09:02 UTC Severity: grave Tags: sec ...

CWE-20 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10190 https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMSSWBHINIX4WE6UDXWM66L7JYEK6XS6/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZV5YZZ5766UIG2TFLFJL6EESQNAP5X5/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932048 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-10190

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect