rpm package
opensuse/dnsdist&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/dnsdist&distro=openSUSE%20Tumbleweed
Vulnerabilities (20)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33602 | Med | 6.5 | | < 2.0.5-1.1 | 2.0.5-1.1 | Apr 22, 2026 | A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service. |
| CVE-2026-33599 | Low | 3.1 | | < 2.0.5-1.1 | 2.0.5-1.1 | Apr 22, 2026 | A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default. |
| CVE-2026-33598 | Med | 4.8 | | < 2.0.5-1.1 | 2.0.5-1.1 | Apr 22, 2026 | A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache. |
| CVE-2026-33597 | Low | 3.7 | | < 2.0.5-1.1 | 2.0.5-1.1 | Apr 22, 2026 | PRSD detection denial of service |
| CVE-2026-33596 | Low | 3.1 | | < 2.0.5-1.1 | 2.0.5-1.1 | Apr 22, 2026 | A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend. |
| CVE-2026-33595 | Med | 5.3 | | < 2.0.5-1.1 | 2.0.5-1.1 | Apr 22, 2026 | A client can trigger excessive memory allocation by generating a lot of error responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection. |
| CVE-2026-33594 | Med | 5.3 | | < 2.0.5-1.1 | 2.0.5-1.1 | Apr 22, 2026 | A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection. |
| CVE-2026-33593 | Hig | 7.5 | | < 2.0.5-1.1 | 2.0.5-1.1 | Apr 22, 2026 | A client can trigger a divide by zero error leading to a crash by sending a crafted DNSCrypt query. |
| CVE-2026-33254 | Med | 5.3 | | < 2.0.5-1.1 | 2.0.5-1.1 | Apr 22, 2026 | An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DoQ and DoH3 are disabled by default. |
| CVE-2026-33260 | Med | 5.3 | | < 2.0.5-1.1 | 2.0.5-1.1 | Apr 22, 2026 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. |
| CVE-2026-33257 | Med | 5.3 | | < 2.0.5-1.1 | 2.0.5-1.1 | Apr 22, 2026 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. |
| CVE-2026-27854 | Med | 4.8 | | < 2.0.3-1.1 | 2.0.3-1.1 | Mar 31, 2026 | An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus trigg |
| CVE-2026-24030 | Med | 5.3 | | < 2.0.3-1.1 | 2.0.3-1.1 | Mar 31, 2026 | An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connectio |
| CVE-2026-24028 | Med | 5.3 | | < 2.0.3-1.1 | 2.0.3-1.1 | Mar 31, 2026 | An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leadi |
| CVE-2026-0396 | Low | 3.1 | | < 2.0.3-1.1 | 2.0.3-1.1 | Mar 31, 2026 | An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI. |
| CVE-2025-8671 | Hig | 7.5 | | < 2.0.2-1.1 | 2.0.2-1.1 | Aug 13, 2025 | A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly |
| CVE-2025-30194 | Hig | 7.5 | | < 1.9.10-2.1 | 1.9.10-2.1 | Apr 29, 2025 | When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched |
| CVE-2024-25581 | Hig | 7.5 | | < 1.9.4-1.1 | 1.9.4-1.1 | May 14, 2024 | When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing t |
| CVE-2018-14663 | — | | | < 1.8.0~rc1-1.1 | 1.8.0~rc1-1.1 | Nov 26, 2018 | An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to |
| CVE-2016-7069 | Med | 5.9 | | < 1.8.0~rc1-1.1 | 1.8.0~rc1-1.1 | Sep 11, 2018 | An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding t |