CVE-2019-3806

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-3806

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3806.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-3806

Related

Published

2019-01-29T17:29:00Z

Modified

2024-09-18T03:05:02.768420Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.

References

Affected packages

Debian:11 / pdns-recursor

Package

Name: pdns-recursor
Purl: pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pdns-recursor

Package

Name: pdns-recursor
Purl: pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pdns-recursor

Package

Name: pdns-recursor
Purl: pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/powerdns/pdns

Affected ranges

Type: GIT
Repo: https://github.com/powerdns/pdns
Events: Introduced

0a98a51fb1fbf90922f2edf7e47f3a9a050e2ddf

Fixed

924b641ce41fddda352d6982b77394671deeef94

Affected versions

rec-4.*

rec-4.1.4

rec-4.1.5

rec-4.1.6

rec-4.1.7

rec-4.1.8