CVE-2019-3807
LOW
PowerDNS Recursor 4.1.0-4.1.8 - Improper Certificate Validation
Title source: llm
Description
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3807
Scores
CVSS v3: 3.7
EPSS: 0.0036
EPSS Percentile: 27.7%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Details
CWE: CWE-295, CWE-345
Status: published
Products (1): powerdns/recursor 4.1.0 - 4.1.8
Published: Jan 29, 2019
Tracked Since: Feb 18, 2026