CVE-2019-3806

HIGH

PowerDNS Recursor >=4.1.3 <4.1.9 - Privilege Escalation

Title source: llm

Description

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.

References (2)

[Vendor Advisory] https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3806

Scores

CVSS v3 8.1

EPSS 0.0002

EPSS Percentile 6.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-358

Status published

Products (1)

powerdns/recursor 4.1.4 - 4.1.9

Published Jan 29, 2019

Tracked Since Feb 18, 2026