CVE-2019-3807 — Insufficient Verification of Data Authenticity in Recursor

CWE-345 — Insufficient Verification of Data Authenticity CWE-295 — Improper Certificate Validation8 documents6 sources

Severity

9.8CRITICALNVD

CNA3.7

EPSS

0.0%

top 99.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Powerdns Recursor Power DNS Pdns-recursor

Timeline

PublishedJan 29

Latest updateMay 13

Description

An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDpowerdns/recursor4.1.0 — 4.1.8

▶CVEListV5power_dns/pdns-recursorversions 4.1.x before 4.1.9

🔴Vulnerability Details

GHSA

GHSA-3h27-2wg2-w59m: An issue has been found in PowerDNS Recursor versions 4↗2022-05-13

▶

CVEList

CVE-2019-3807: An issue has been found in PowerDNS Recursor versions 4↗2019-01-29

▶

OSV

CVE-2019-3807: An issue has been found in PowerDNS Recursor versions 4↗2019-01-29

▶

📋Vendor Advisories

Debian

CVE-2019-3807: pdns-recursor - An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where r...↗2019

▶

💬Community

Bugzilla

CVE-2019-3806 CVE-2019-3807 pdns-recursor: various flaws [fedora-all]↗2019-01-25

▶

Bugzilla

CVE-2019-3806 CVE-2019-3807 pdns-recursor: various flaws [epel-all]↗2019-01-25

▶

Bugzilla

CVE-2019-3807 pdns-recursor: Insufficient validation of DNSSEC signature↗2019-01-24

▶