VulnerableCode Package Details - pkg:alpm/archlinux/powerdns-recursor@4.1.8-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-2hee-f8gq-rycf Aliases: CVE-2019-3807	An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.	4.1.9-1 Affected by 0 other vulnerabilities.
VCID-vua1-5kz6-hban Aliases: CVE-2019-3806	An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.	4.1.9-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2hee-f8gq-rycf
Aliases:
CVE-2019-3807

An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.

4.1.9-1
Affected by 0 other vulnerabilities.

VCID-vua1-5kz6-hban
Aliases:
CVE-2019-3806

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.

4.1.9-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-d4km-jg6b-2kh3	An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.	CVE-2018-16855

Vulnerability

Summary

Aliases

VCID-d4km-jg6b-2kh3

An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.

CVE-2018-16855

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-06T05:35:35.395534+00:00	Arch Linux Importer	Fixing	VCID-d4km-jg6b-2kh3	https://security.archlinux.org/AVG-821	38.1.0
2026-04-06T05:35:35.368775+00:00	Arch Linux Importer	Affected by	VCID-vua1-5kz6-hban	https://security.archlinux.org/AVG-856	38.1.0
2026-04-06T05:35:35.344595+00:00	Arch Linux Importer	Affected by	VCID-2hee-f8gq-rycf	https://security.archlinux.org/AVG-856	38.1.0
2026-04-01T18:27:03.388282+00:00	Arch Linux Importer	Fixing	VCID-d4km-jg6b-2kh3	https://security.archlinux.org/AVG-821	38.0.0
2026-04-01T18:27:02.993386+00:00	Arch Linux Importer	Affected by	VCID-vua1-5kz6-hban	https://security.archlinux.org/AVG-856	38.0.0
2026-04-01T18:27:02.964200+00:00	Arch Linux Importer	Affected by	VCID-2hee-f8gq-rycf	https://security.archlinux.org/AVG-856	38.0.0