CVE-2019-3806
HIGHPowerDNS Recursor >=4.1.3 <4.1.9 - Privilege Escalation
Title source: llmDescription
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3806
Scores
CVSS v3
8.1
EPSS
0.0146
EPSS Percentile
70.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-358
Status
published
Products (1)
powerdns/recursor
4.1.4 - 4.1.9
Published
Jan 29, 2019
Tracked Since
Feb 18, 2026