CVE-2019-3806 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-3806 Interim 1 16 2025-02-17T02:21:15Z current 2021-05-30T14:22:38Z 2025-02-17T02:21:15Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-3806 An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LWT54KXW3PC2R7C5X6T7EOO7G2AIPPBJ/#LWT54KXW3PC2R7C5X6T7EOO7G2AIPPBJ E-Mail link for openSUSE-SU-2019:0131-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 SP1 openSUSE Tumbleweed pdns-recursor-4.1.10-16.1 pdns-recursor-4.5.5-1.3 pdns-recursor-4.1.10-16.1 as a component of SUSE Package Hub 12 SP1 pdns-recursor-4.5.5-1.3 as a component of openSUSE Tumbleweed An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. CVE-2019-3806 SUSE Package Hub 12 SP1:pdns-recursor-4.1.10-16.1 openSUSE Tumbleweed:pdns-recursor-4.5.5-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H