CVE-2019-3806
5.4
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H
Summary
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Power DNS | pdns-recursor | versions after 4.1.3 before 4.1.9 | affected |
Weaknesses
- CWE-358: CWE-358
ADP Enrichment
CVE Program Container
Additional References
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3806
References
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3806
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.