CVE-2019-3807
9.8
CRITICAL
CVSS 3.1
EPSS 0.01%
Description
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
How to fix CVE-2019-3807
To remediate CVE-2019-3807, upgrade the affected package to the fixed version listed below.
- Debian/pdns-recursor: upgrade to 4.1.9-1 or later
Is CVE-2019-3807 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.1.9-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |