Refine your search
11 vulnerabilities found for DNSdist by PowerDNS
CVE-2026-27854 (GCVE-0-2026-27854)
Vulnerability from cvelistv5
Published
2026-03-31 12:06
Modified
2026-04-02 13:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use After Free
Summary
An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a use-after-free and potentially a crash resulting in denial of service.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T13:12:37.483504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:12:40.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"EDNS options cache"
],
"packageName": "dnsdist",
"product": "DNSdist",
"programFiles": [
"dnsdist.hh"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "1.9.12",
"status": "affected",
"version": "1.9.0",
"versionType": "semver"
},
{
"lessThan": "2.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Naoki Wakamatsu"
}
],
"datePublic": "2026-03-30T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a use-after-free and potentially a crash resulting in denial of service.\u003c/p\u003e"
}
],
"value": "An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a use-after-free and potentially a crash resulting in denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:46:22.087Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use after free when parsing EDNS options in Lua",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2026-27854",
"datePublished": "2026-03-31T12:06:46.648Z",
"dateReserved": "2026-02-24T08:46:09.373Z",
"dateUpdated": "2026-04-02T13:46:22.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27853 (GCVE-0-2026-27853)
Vulnerability from cvelistv5
Published
2026-03-31 12:04
Modified
2026-03-31 13:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-of-bounds Write
Summary
An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T13:14:03.664956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:17:25.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"DNS packet writer"
],
"packageName": "dnsdist",
"product": "DNSdist",
"programFiles": [
"dnswriter.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "1.9.12",
"status": "affected",
"version": "1.9.0",
"versionType": "semver"
},
{
"lessThan": "2.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ilya rozentsvaig"
}
],
"datePublic": "2026-03-30T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service.\u003c/p\u003e"
}
],
"value": "An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T12:04:23.419Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds write when rewriting large DNS packets",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2026-27853",
"datePublished": "2026-03-31T12:04:23.419Z",
"dateReserved": "2026-02-24T08:46:09.373Z",
"dateUpdated": "2026-03-31T13:17:25.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24030 (GCVE-0-2026-24030)
Vulnerability from cvelistv5
Published
2026-03-31 12:01
Modified
2026-03-31 13:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Uncontrolled Memory Allocation
Summary
An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly closed, but in some cases the system might enter an out-of-memory state instead and terminate the process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T13:14:53.937284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:14:57.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"Incoming DNS over QUIC",
"Incoming DNS over HTTP/3"
],
"packageName": "dnsdist",
"product": "DNSdist",
"programFiles": [
"doq.cc",
"doh3.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "1.9.12",
"status": "affected",
"version": "1.9.0",
"versionType": "semver"
},
{
"lessThan": "2.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "XavLimSG"
}
],
"datePublic": "2026-03-30T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly closed, but in some cases the system might enter an out-of-memory state instead and terminate the process.\u003c/p\u003e"
}
],
"value": "An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly closed, but in some cases the system might enter an out-of-memory state instead and terminate the process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uncontrolled Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T12:01:00.883Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unbounded memory allocation for DoQ and DoH3",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2026-24030",
"datePublished": "2026-03-31T12:01:00.883Z",
"dateReserved": "2026-01-20T14:56:25.872Z",
"dateUpdated": "2026-03-31T13:14:57.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24029 (GCVE-0-2026-24029)
Vulnerability from cvelistv5
Published
2026-03-31 11:59
Modified
2026-03-31 13:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Authorization
Summary
When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T13:15:34.638851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:15:37.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"Incoming DNS over HTTPS"
],
"packageName": "dnsdist",
"product": "DNSdist",
"programFiles": [
"dnsdist-nghttp2-in.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "1.9.12",
"status": "affected",
"version": "1.9.0",
"versionType": "semver"
},
{
"lessThan": "2.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Surya Narayan Kushwaha (aka Cavid)"
}
],
"datePublic": "2026-03-30T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhen the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.\u003c/p\u003e"
}
],
"value": "When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T11:59:12.903Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DNS over HTTPS ACL bypass",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2026-24029",
"datePublished": "2026-03-31T11:59:12.903Z",
"dateReserved": "2026-01-20T14:56:25.872Z",
"dateUpdated": "2026-03-31T13:15:37.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24028 (GCVE-0-2026-24028)
Vulnerability from cvelistv5
Published
2026-03-31 11:57
Modified
2026-03-31 13:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Over-read
Summary
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T13:18:03.818786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:18:41.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"Lua DNS parser"
],
"packageName": "dnsdist",
"product": "DNSdist",
"programFiles": [
"dnsparser.hh"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "1.9.12",
"status": "affected",
"version": "1.9.0",
"versionType": "semver"
},
{
"lessThan": "2.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Naoki Wakamatsu"
}
],
"datePublic": "2026-03-30T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.\u003c/p\u003e"
}
],
"value": "An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T11:57:26.914Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds read when parsing DNS packets via Lua",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2026-24028",
"datePublished": "2026-03-31T11:57:26.914Z",
"dateReserved": "2026-01-20T14:56:25.872Z",
"dateUpdated": "2026-03-31T13:18:41.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0397 (GCVE-0-2026-0397)
Vulnerability from cvelistv5
Published
2026-03-31 11:53
Modified
2026-03-31 13:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Overly Permissive Cross-domain Whitelist
Summary
When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration of the Cross-Origin Resource Sharing (CORS) policy.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T13:19:54.934769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:20:22.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"Internal Web Server"
],
"packageName": "dnsdist",
"product": "DNSdist",
"programFiles": [
"dnsdist-web.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "1.9.12",
"status": "affected",
"version": "1.9.0",
"versionType": "semver"
},
{
"lessThan": "2.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Surya Narayan Kushwaha (aka Cavid)"
}
],
"datePublic": "2026-03-30T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhen the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration of the Cross-Origin Resource Sharing (CORS) policy.\u003c/p\u003e"
}
],
"value": "When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration of the Cross-Origin Resource Sharing (CORS) policy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Overly Permissive Cross-domain Whitelist",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T11:53:13.444Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information disclosure via CORS misconfiguration",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2026-0397",
"datePublished": "2026-03-31T11:53:13.444Z",
"dateReserved": "2025-11-28T09:18:06.484Z",
"dateUpdated": "2026-03-31T13:20:22.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0396 (GCVE-0-2026-0396)
Vulnerability from cvelistv5
Published
2026-03-31 11:50
Modified
2026-03-31 13:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T13:21:05.454104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:21:08.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"Web Dashboard"
],
"packageName": "dnsdist",
"product": "DNSdist",
"programFiles": [
"html/local.js"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "1.9.12",
"status": "affected",
"version": "1.9.0",
"versionType": "semver"
},
{
"lessThan": "2.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aisle Research"
}
],
"datePublic": "2026-03-30T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.\u003c/p\u003e"
}
],
"value": "An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T11:50:51.442Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTML injection in the web dashboard",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2026-0396",
"datePublished": "2026-03-31T11:50:51.442Z",
"dateReserved": "2025-11-28T09:18:05.355Z",
"dateUpdated": "2026-03-31T13:21:08.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30187 (GCVE-0-2025-30187)
Vulnerability from cvelistv5
Published
2025-09-18 09:21
Modified
2025-11-04 21:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Summary
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-18T13:38:54.571103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T14:03:26.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:09:56.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/18/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"Incoming DoH via nghttp2"
],
"packageName": "dnsdnsdist",
"product": "DNSdist",
"programFiles": [
"dnsdist-nghttp2-in.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "1.9.11",
"status": "affected",
"version": "1.9.0",
"versionType": "semver"
},
{
"lessThan": "2.0.1",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-09-18T09:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources.\u003c/p\u003e"
}
],
"value": "In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T09:21:32.274Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2025-05",
"discovery": "EXTERNAL"
},
"title": "Denial of service via crafted DoH exchange in PowerDNS DNSdist",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2025-30187",
"datePublished": "2025-09-18T09:21:32.274Z",
"dateReserved": "2025-03-18T08:39:46.884Z",
"dateUpdated": "2025-11-04T21:09:56.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30193 (GCVE-0-2025-30193)
Vulnerability from cvelistv5
Published
2025-05-20 11:17
Modified
2025-05-20 13:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-674 - Uncontrolled Recursion
Summary
In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service.
The remedy is: upgrade to the patched 1.9.10 version.
A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting.
We would like to thank Renaud Allard for bringing this issue to our attention.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T13:16:06.361581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T13:16:34.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "affected",
"modules": [
"DNS over TCP"
],
"packageName": "dnsdist",
"product": "DNSdist",
"programFiles": [
"dnsdist-tcp.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"status": "unaffected",
"version": "1.9.10",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Renaud Allard"
}
],
"datePublic": "2025-05-20T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service.\u003cbr\u003e\u003cbr\u003eThe remedy is: upgrade to the patched 1.9.10 version.\u003cbr\u003e\u003cbr\u003eA workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting.\u003cbr\u003e\u003cbr\u003eWe would like to thank Renaud Allard for bringing this issue to our attention.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service.\n\nThe remedy is: upgrade to the patched 1.9.10 version.\n\nA workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting.\n\nWe would like to thank Renaud Allard for bringing this issue to our attention."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T11:17:17.378Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2025-03",
"discovery": "EXTERNAL"
},
"title": "Denial of service via crafted TCP exchange",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2025-30193",
"datePublished": "2025-05-20T11:17:17.378Z",
"dateReserved": "2025-03-18T08:39:46.884Z",
"dateUpdated": "2025-05-20T13:16:34.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30194 (GCVE-0-2025-30194)
Vulnerability from cvelistv5
Published
2025-04-29 11:25
Modified
2025-06-20 15:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - User After Free
Summary
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service.
The remedy is: upgrade to the patched 1.9.9 version.
A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version.
We would like to thank Charles Howes for bringing this issue to our attention.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-06-20T15:42:56.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/29/1"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-30194-detection-dnsdist-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-30194-mitigate-dnsdist-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T13:24:59.318458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T13:25:09.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"DNS over HTTPS"
],
"packageName": "dnsdist",
"product": "DNSdist",
"programFiles": [
"dnsdist-doh-common.hh"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "1.9.9",
"status": "affected",
"version": "1.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Charles Howes"
}
],
"datePublic": "2025-04-29T10:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhen DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service.\u003c/p\u003e\u003cp\u003eThe remedy is: upgrade to the patched 1.9.9 version.\u003c/p\u003e\u003cp\u003eA workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version.\u003c/p\u003e\u003cp\u003eWe would like to thank Charles Howes for bringing this issue to our attention.\u003c/p\u003e"
}
],
"value": "When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service.\n\nThe remedy is: upgrade to the patched 1.9.9 version.\n\nA workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version.\n\nWe would like to thank Charles Howes for bringing this issue to our attention."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 User After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T11:27:04.926Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-02.html"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2025-02",
"discovery": "EXTERNAL"
},
"title": "Denial of service via crafted DoH exchange",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2025-30194",
"datePublished": "2025-04-29T11:25:47.141Z",
"dateReserved": "2025-03-18T08:39:46.884Z",
"dateUpdated": "2025-06-20T15:42:56.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25581 (GCVE-0-2024-25581)
Vulnerability from cvelistv5
Published
2024-05-13 11:49
Modified
2025-02-13 17:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:powerdns:dnsdist:1.9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dnsdist",
"vendor": "powerdns",
"versions": [
{
"status": "affected",
"version": "1.9.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:powerdns:dnsdist:1.9.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dnsdist",
"vendor": "powerdns",
"versions": [
{
"status": "affected",
"version": "1.9.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:powerdns:dnsdist:1.9.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dnsdist",
"vendor": "powerdns",
"versions": [
{
"status": "affected",
"version": "1.9.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:powerdns:dnsdist:1.9.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dnsdist",
"vendor": "powerdns",
"versions": [
{
"status": "affected",
"version": "1.9.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T15:37:51.211764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:35.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/13/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"dns-over-https"
],
"packageName": "dnsdist",
"product": "DNSdist",
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.9.2"
},
{
"status": "affected",
"version": "1.9.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daniel Stirnimann from Switch"
}
],
"datePublic": "2024-05-13T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhen incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default.\u003c/p\u003e"
}
],
"value": "When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:12:42.212Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/05/13/1"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2024-03",
"discovery": "EXTERNAL"
},
"title": "Transfer requests received over DoH can lead to a denial of service in DNSdist",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOption 1: refuse incoming XFR requests via a DNSdist rule: addAction(OrRule({QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), RCodeAction(DNSRCode.REFUSED)). Option 2: switch to the legacy h2o provider by setting library=\u0027h2o\u0027 in the addDOHLocal directive\u003c/p\u003e"
}
],
"value": "Option 1: refuse incoming XFR requests via a DNSdist rule: addAction(OrRule({QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), RCodeAction(DNSRCode.REFUSED)). Option 2: switch to the legacy h2o provider by setting library=\u0027h2o\u0027 in the addDOHLocal directive"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2024-25581",
"datePublished": "2024-05-13T11:49:24.500Z",
"dateReserved": "2024-02-08T08:15:37.204Z",
"dateUpdated": "2025-02-13T17:40:49.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}