Auto-merge PR#2927

2025-08-04 08:44:25 +00:00 · 2019-12-16 10:15:16 -05:00 · 2019-12-16 10:15:16 -05:00 · 0d8f613b1a
commit 0d8f613b1a
parent 844ec1cc9c 03482ece60
1 changed files with 57 additions and 4 deletions
--- a/2019/19xxx/CVE-2019-19331.json
+++ b/2019/19xxx/CVE-2019-19331.json
@ -4,15 +4,68 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2019-19331",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "msiddiqu@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "CZ.NIC",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "knot-resolver",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "4.3.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-407"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19331",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19331",
+                "refsource": "CONFIRM"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB)."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
-}
+}