VDB
CVE-2019-3806
CVE-2019-3806
PUBLISHED
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
EPSS 0.06% · 18.2th percentile
Risk Scores
EPSS Score
0.06%
18.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | pdns-recursor | 4.0.6-1, 4.0.6-1build1, 4.0.7-1 |
| Ubuntu:Pro:16.04:LTS | pdns-recursor | 0, 4.0.0~alpha1-1, 4.0.0~alpha1-2 |
Timeline
- Jan 29, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-3806 third-party-advisory
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-3806 third-party-advisory