Low severity3.7NVD Advisory· Published Sep 18, 2025· Updated Apr 15, 2026
CVE-2025-30187
CVE-2025-30187
Description
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords4 versionspkg:rpm/opensuse/dnsdist&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/dnsdist&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/dnsdist&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/dnsdist&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 1.9.11-160000.1.1+ 3 more
- (no CPE)range: < 1.9.11-160000.1.1
- (no CPE)range: < 1.9.11-150700.3.6.1
- (no CPE)range: < 1.9.11-160000.1.1
- (no CPE)range: < 1.9.11-160000.1.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.