VDB
CVE-2019-3807
CVE-2019-3807
PUBLISHED
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
EPSS 0.01% · 1.0th percentile
Risk Scores
EPSS Score
0.01%
1.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | pdns-recursor | 0, 3.7.3-1, 4.0.0~alpha1-1 |
| Ubuntu:Pro:18.04:LTS | pdns-recursor | 4.0.6-1build1, 4.0.6-1, 4.0.7-1 |
Timeline
- Jan 29, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-3807 third-party-advisory
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-3807 third-party-advisory