Vulnerability Description
A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nic | Knot Resolver | < 4.1.0 |
| Fedoraproject | Fedora | 29 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10191Issue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.htmlRelease NotesVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10191Issue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.htmlRelease NotesVendor Advisory
FAQ
What is CVE-2019-10191?
CVE-2019-10191 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of d...
How severe is CVE-2019-10191?
CVE-2019-10191 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10191?
Check the references section above for vendor advisories and patch information. Affected products include: Nic Knot Resolver, Fedoraproject Fedora.