CVE-2019-3871

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-3871
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3871.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-3871
Downstream
Related
Published
2019-03-21T21:29:00.700Z
Modified
2026-02-03T07:05:01.648642Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response

References

Affected packages

Git / github.com/powerdns/pdns

Affected ranges

Type
GIT
Repo
https://github.com/powerdns/pdns
Events
Fixed
1e61e68fdd6f0937240da46e48434c2fd073bf44
Introduced
80da1b4773cbdad76755b01c70739059d6f607af
Fixed
8c7029b6158e119f1e8317a5af5f147547a23fa2

Affected versions

rec-4.*
rec-4.1.0
rec-4.1.1
rec-4.1.2
rec-4.1.3
rec-4.1.4
rec-4.1.5
rec-4.1.6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3871.json"