Unrated severityNVD Advisory· Published Jan 29, 2019· Updated Aug 4, 2024

CVE-2019-3806

Description

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.

Affected products

osv-coords2 versions
pkg:rpm/opensuse/pdns-recursor&distro=openSUSE%20Tumbleweed pkg:rpm/suse/pdns-recursor&distro=SUSE%20Package%20Hub%2012%20SP1
< 4.5.5-1.3+ 1 more
- (no CPE)range: < 4.5.5-1.3
- (no CPE)range: < 4.1.10-16.1
Power DNS/pdns-recursorv5
Range: versions after 4.1.3 before 4.1.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.htmlmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000