DEBIAN-CVE-2019-3806

DEBIAN-CVE-2019-3806 PUBLISHED CVSS 8.100000381469727 HIGH

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.

Risk Scores

CVSS v3.1

8.100000381469727

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	pdns-recursor	0, 0, 0
Debian:12	pdns-recursor	0, 0, 0
Debian:14	pdns-recursor	0, 0, 0
Debian:13	pdns-recursor	0, 0, 0

Timeline

Jan 29, 2019 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2019-3806 advisory

Open in Interactive Console →