GoogleOSV:CVE-2019-3806

HistoryJan 29, 2019 - 5:29 p.m.

CVE-2019-3806

2019-01-2917:29:00

Google

osv.dev

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

55.4%

JSON

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3806

docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html