CVE-2019-3806

Published Jan 29, 2019

Last updated 4 years ago

Overview

Description
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
Source
secalert@redhat.com
NVD status
Analyzed

Social media

Hype score
Not currently trending

Risk scores

CVSS 3.1

Type
Primary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 3.0

Type
Secondary
Base score
5.4
Impact score
4.2
Exploitability score
1.2
Vector string
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
6.8
Impact score
6.4
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo
secalert@redhat.com
CWE-358

Configurations