CVE-2025-30193

EPSS 0.07%
Veröffentlicht 20.05.2025 11:17:17
Zuletzt bearbeitet 21.05.2025 20:25:16
Quelle security@open-xchange.com
Teams Watchlist Login
Unerledigt Login

In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service.

The remedy is: upgrade to the patched 1.9.10 version.

A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting.

We would like to thank Renaud Allard for bringing this issue to our attention.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerPowerDNS

≫

Produkt DNSdist

Default Statusaffected

Version 1.9.10

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.227

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@open-xchange.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html

https://nvd.nist.gov/vuln/detail/CVE-2025-30193

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-30193

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-30193

EUVD