Merge branch 'CVE-2019-3807' of https://github.com/RedHatProductSecurity/cvelist

2025-06-08 22:18:26 +00:00 · 2019-01-29 11:16:16 -05:00 · 2019-01-29 11:16:16 -05:00 · 955197390f
commit 955197390f
parent d8981d58a0 985e230079
1 changed files with 74 additions and 16 deletions
--- a/2019/3xxx/CVE-2019-3807.json
+++ b/2019/3xxx/CVE-2019-3807.json
@ -1,18 +1,76 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2019-3807",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
-   "description" : {
-      "description_data" : [
+    "CVE_data_meta": {
+        "ID": "CVE-2019-3807",
+        "ASSIGNER": "psampaio@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
                {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+                    "vendor_name": "Power DNS",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "pdns-recursor",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "versions 4.1.x before 4.1.9"
                                        }
                                    ]
                                }
                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-345"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3807",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3807",
+                "refsource": "CONFIRM"
+            },
+            {
+                "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html",
+                "name": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html",
+                "refsource": "CONFIRM"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "3.7/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
+                    "version": "3.0"
+                }
+            ]
+        ]
+    }
+}