CVE-2019-3806: Improperly Implemented Security Check for Standard in Recursor

Severity
8.1 HIGH (NVD)
EPSS
0.0%
top 93.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 29
Latest update: May 13

Description

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

NVD | powerdns/recursor | 4.1.4 | 4.1.9
CVEListV5 | power_dns/pdns-recursor | versions after 4.1.3 before 4.1.9

🔴 Vulnerability Details (3)

GHSA
GHSA-3jqp-f4vw-9c87: An issue has been found in PowerDNS Recursor versions after 4... (2022-05-13)
CVEList
CVE-2019-3806: An issue has been found in PowerDNS Recursor versions after 4... (2019-01-29)
OSV
CVE-2019-3806: An issue has been found in PowerDNS Recursor versions after 4... (2019-01-29)

📋 Vendor Advisories (1)

Debian
CVE-2019-3806: pdns-recursor - An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 w... (2019)

💬 Community (3)

Bugzilla
CVE-2019-3806 CVE-2019-3807 pdns-recursor: various flaws [fedora-all] (2019-01-25)
Bugzilla
CVE-2019-3806 CVE-2019-3807 pdns-recursor: various flaws [epel-all] (2019-01-25)
Bugzilla
CVE-2019-3806 pdns-recursor: Lua hooks are not applied in certain configuration (2019-01-25)