CVE-2019-3871

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-3871
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3871.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3871
Downstream
Related
Published
2019-03-21T21:29:00.700Z
Modified
2026-04-16T04:30:36.949909685Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response

References

Affected packages

Git / github.com/powerdns/pdns

Affected ranges

Type
GIT
Repo
https://github.com/powerdns/pdns
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1e61e68fdd6f0937240da46e48434c2fd073bf44
Introduced
80da1b4773cbdad76755b01c70739059d6f607af
Fixed
8c7029b6158e119f1e8317a5af5f147547a23fa2
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.0.7"
        },
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.7"
        }
    ]
}

Affected versions

auth-3.*
auth-3.1-rc1
auth-3.1-rc2
auth-3.1-rc3
auth-3.2-rc1
auth-3.2-rc2
auth-3.2-rc3
auth-3.2-rc4
auth-3.4.0
auth-3.4.0-rc1
auth-3.4.0-rc2
auth-4.*
auth-4.0.0
auth-4.0.0-alpha1
auth-4.0.0-alpha2
auth-4.0.0-alpha3
auth-4.0.0-beta1
auth-4.0.0-rc1
auth-4.0.0-rc2
auth-4.0.1
dnsdist-1.*
dnsdist-1.0.0
dnsdist-1.0.0-alpha1
dnsdist-1.0.0-alpha2
dnsdist-1.0.0-beta1
dnsdist-1.1.0-beta1
Other
rec-3-0
rec-3-0-1
rec-3.*
rec-3.0
rec-3.0.1
rec-3.1.4
rec-3.3.1
rec-3.5
rec-3.5-rc1
rec-3.5-rc3
rec-3.5-rc4
rec-3.5-rc5
rec-3.6.0
rec-4.*
rec-4.0.0
rec-4.0.0-alpha1
rec-4.0.0-alpha2
rec-4.0.0-alpha3
rec-4.0.0-beta1
rec-4.0.0-rc1
rec-4.0.1
rec-4.0.2
rec-4.0.3
rec-4.0.4
rec-4.0.5
rec-4.0.5-rc1
rec-4.0.5-rc2
rec-4.0.6
rec-4.1.0
rec-4.1.1
rec-4.1.2
rec-4.1.3
rec-4.1.4
rec-4.1.5
rec-4.1.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3871.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "28"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "29"
            }
        ]
    }
]