PT-2019-15812 · Cz.Nic+2 · Knot Resolver+2
Published 2019-12-16 · Updated 2024-10-01
CVE-2019-19331
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
knot-resolver versions prior to 4.3.0
Description
The issue allows denial of service through high CPU utilization. It occurs when DNS replies contain a large number of resource records, which can be processed inefficiently. In extreme cases, processing a single uncached message can take several CPU seconds. For example, a DNS message can contain a few thousand A records within the 64 kB limit.
Recommendations
For versions prior to 4.3.0, update to version 4.3.0 or later to resolve the issue. As a temporary workaround, consider restricting the size of DNS messages or limiting the number of resource records processed to minimize the risk of high CPU utilization.
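The workaround above speaks of limiting the number of resource records processed. As an added example (not code from Knot Resolver or from this advisory), the following monitoring-side check walks a raw DNS reply and flags messages whose record count exceeds a threshold. The threshold of 1000, the function names and the sample reply are assumptions made for illustration.

```python
import struct

MAX_RRS = 1000  # assumed alert threshold, not a value from the advisory

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while off < len(msg):
        length = msg[off]
        if length & 0xC0 == 0xC0:       # compression pointer ends the name
            return off + 2
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + length
        if length == 0:                 # root label ends the name
            return off
    raise ValueError("truncated name")

def count_records(msg):
    """Walk the message and count the resource records actually present."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4   # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record header")
        rdlen = struct.unpack("!H", msg[off + 8:off + 10])[0]
        off += 10 + rdlen               # TYPE, CLASS, TTL, RDLENGTH, RDATA
    if off > len(msg):
        raise ValueError("message shorter than its sections claim")
    return an + ns + ar

def classify(msg, limit=MAX_RRS):
    try:
        return "too-many-records" if count_records(msg) > limit else "ok"
    except ValueError:
        return "malformed"

def sample_reply(n):
    """Constructed test input: a reply for example.test carrying n A records."""
    head = struct.pack("!6H", 0x1234, 0x8180, 1, n, 0, 0)
    question = b"\x07example\x04test\x00" + struct.pack("!2H", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4)   # name ptr, A, IN, TTL, len
    return head + question + b"".join(
        rr + struct.pack("!I", 0xC0000200 + i % 256) for i in range(n))
```

Walking the records rather than trusting the header counts alone also catches replies whose counts do not match their contents. A check like this supports alerting or filtering in front of an unpatched resolver; it does not replace the update to 4.3.0.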
Exploit
Fix
DoS
Improper Resource Release
Related Identifiers
Affected Products
Linuxmint
Ubuntu
Knot Resolver