Upstream information
Description
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 6.8 |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
| National Vulnerability Database | |
|---|---|
| Base Score | 8.1 |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2019:0131-1, published Fri Dec 8 15:48:41 2023
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Package Hub 12 SP1 |
| Patchnames: openSUSE-2019-131 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA pdns-recursor-4.5.5-1.3 |
SUSE Timeline for this CVE
CVE page created: Tue Jan 15 20:31:40 2019CVE page last modified: Wed Apr 17 17:11:08 2024