CVE-2025-30194
- EPSS 0.26%
- Veröffentlicht 29.04.2025 11:25:47
- Zuletzt bearbeitet 15.04.2026 00:35:42
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The reme...
CVE-2024-25581
- EPSS 0.01%
- Veröffentlicht 14.05.2024 15:05:29
- Zuletzt bearbeitet 15.04.2026 00:35:42
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) ...
CVE-2018-14663
- EPSS 0.02%
- Veröffentlicht 26.11.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:32
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the t...
CVE-2016-7069
- EPSS 0.02%
- Veröffentlicht 11.09.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 02:57:23
An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to ...
CVE-2017-7557
- EPSS 0%
- Veröffentlicht 22.08.2017 14:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.