PT-2019-16733 · Powerdns+1 · Powerdns Recursor+1
George Thessalonikefs +1 · Published 2019-01-23 · Updated 2024-06-15
CVE-2019-3807
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PowerDNS Recursor versions 4.1.x through 4.1.8
Description
An issue has been found where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
Recommendations
For PowerDNS Recursor versions 4.1.x through 4.1.8, update to version 4.1.9 or later to resolve the issue.
Fix
Insufficient Verification of Data Authenticity
Improper Certificate Validation
Related Identifiers
Affected Products
Powerdns Recursor
Suse