VYPR
High severity7.5NVD Advisory· Published Jul 16, 2019· Updated Jun 17, 2026

CVE-2019-10190

CVE-2019-10190

Description

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: <4.1.0, through 3.2.0
  • CZ.NIC/knot-resolverv5
    Range: from 3.2.0 before 4.1.0

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.