
Knot Resolver vulnerability


Under certain circumstances, an improper input validation bug in the DNS
resolver component of Knot Resolver allows a remote attacker to bypass
DNSSEC validation for a non-existence answer.

An NXDOMAIN answer would get passed through to the client even if its
DNSSEC validation failed, instead of sending a SERVFAIL packet.

[Impact of exploitation (required)]:
Under certain circumstances this bug allows an attacker to hijack
DNS domains.

??? Does this really lead to hijacking?

2018-10-31 DNSSEC is dangerous http://www.e-ontap.com/blog/20181031.html

If this is what it is about, the Knot Resolver developers still have not explained it. -- ToshinoriMaeno 2019-07-15 23:28:54

This vulnerability is currently awaiting analysis. https://nvd.nist.gov/vuln/detail/CVE-2019-10190
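
An added example (not part of the original page and not Knot Resolver code): it classifies a resolver's reply to a query for a nonexistent name in a zone whose DNSSEC data is known to fail validation, where SERVFAIL is the expected result and NXDOMAIN is the behaviour described in the advisory text above. The function names, the placeholder name `nonexistent.bogus-zone.example` and the constructed packets are assumptions, and the query is assumed to have been sent with the CD (checking disabled) bit clear.

```python
import struct

RCODE_SERVFAIL = 2
RCODE_NXDOMAIN = 3
FLAG_QR, FLAG_RD, FLAG_RA, FLAG_AD = 0x8000, 0x0100, 0x0080, 0x0020


def build_response(qid, qname, rcode, ad=False):
    """Constructed sample: minimal DNS response (one question, no records)."""
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (rcode & 0x000F)
    if ad:
        flags |= FLAG_AD
    header = struct.pack("!6H", qid, flags, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    wire_name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + wire_name + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(msg):
    """Return the header fields this check needs from a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    qid, flags = struct.unpack("!2H", msg[:4])
    return {"id": qid, "qr": bool(flags & FLAG_QR),
            "ad": bool(flags & FLAG_AD), "rcode": flags & 0x000F}


def check_bogus_denial(msg, expected_id):
    """Verdict for a reply about a nonexistent name in a zone that fails validation.

    Assumes the query had CD=0, so a validating resolver must not pass
    the unvalidated denial through to the client.
    """
    h = parse_header(msg)
    if not h["qr"] or h["id"] != expected_id:
        return "invalid"        # not a response to our query
    if h["rcode"] == RCODE_SERVFAIL:
        return "ok"             # validation failure reported to the client
    if h["rcode"] == RCODE_NXDOMAIN:
        return "passed-through"  # failed-validation NXDOMAIN reached the client
    return "inconclusive"


if __name__ == "__main__":
    name = "nonexistent.bogus-zone.example"  # placeholder test name (assumption)
    for rcode in (RCODE_SERVFAIL, RCODE_NXDOMAIN):
        print(rcode, check_bogus_denial(build_response(0x1234, name, rcode), 0x1234))
```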
