Unrated severityNVD Advisory· Published Jan 29, 2019· Updated Aug 4, 2024

CVE-2019-3807

Description

An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.

Affected products

osv-coords3 versions
pkg:rpm/opensuse/pdns-recursor&distro=openSUSE%20Tumbleweed pkg:rpm/suse/pdns-recursor&distro=SUSE%20Package%20Hub%2012%20SP1 pkg:rpm/suse/pdns-recursor&distro=SUSE%20Package%20Hub%2015
< 4.5.5-1.3+ 2 more
- (no CPE)range: < 4.5.5-1.3
- (no CPE)range: < 4.1.10-16.1
- (no CPE)range: < 4.1.2-bp150.2.6.1
Power DNS/pdns-recursorv5
Range: versions 4.1.x before 4.1.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.htmlmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000