CVE-2019-3807

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-3807

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3807.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-3807

Related

Published

2019-01-29T17:29:00Z

Modified

2024-09-11T04:30:40.254003Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.

References

Affected packages

Debian:11 / pdns-recursor

Package

Name: pdns-recursor
Purl: pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pdns-recursor

Package

Name: pdns-recursor
Purl: pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pdns-recursor

Package

Name: pdns-recursor
Purl: pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/powerdns/pdns

Affected ranges

Type: GIT
Repo: https://github.com/powerdns/pdns
Events: Introduced

80da1b4773cbdad76755b01c70739059d6f607af

Last affected

e412a949491886c13854587bbd06fa90ceb3a326

Affected versions

rec-4.*

rec-4.1.0

rec-4.1.1

rec-4.1.2

rec-4.1.3

rec-4.1.4

rec-4.1.5

rec-4.1.6

rec-4.1.7

rec-4.1.8