rpm package
suse/dnsdist&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7
pkg:rpm/suse/dnsdist&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27854 | Med | 4.8 | | < 1.9.12-150700.3.9.1 | 1.9.12-150700.3.9.1 | Mar 31, 2026 | An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus trigg |
| CVE-2026-27853 | Med | 5.9 | | < 1.9.12-150700.3.9.1 | 1.9.12-150700.3.9.1 | Mar 31, 2026 | An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and ev |
| CVE-2026-24030 | Med | 5.3 | | < 1.9.12-150700.3.9.1 | 1.9.12-150700.3.9.1 | Mar 31, 2026 | An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connectio |
| CVE-2026-24029 | Med | 6.5 | | < 1.9.12-150700.3.9.1 | 1.9.12-150700.3.9.1 | Mar 31, 2026 | When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPS frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL. |
| CVE-2026-24028 | Med | 5.3 | | < 1.9.12-150700.3.9.1 | 1.9.12-150700.3.9.1 | Mar 31, 2026 | An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leadi |
| CVE-2026-0397 | Low | 3.1 | | < 1.9.12-150700.3.9.1 | 1.9.12-150700.3.9.1 | Mar 31, 2026 | When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged in to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a |
| CVE-2026-0396 | Low | 3.1 | | < 1.9.12-150700.3.9.1 | 1.9.12-150700.3.9.1 | Mar 31, 2026 | An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI. |
| CVE-2025-30187 | Low | 3.7 | | < 1.9.11-150700.3.6.1 | 1.9.11-150700.3.6.1 | Sep 18, 2025 | In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption o |
| CVE-2025-8671 | High | 7.5 | | < 1.9.11-150700.3.6.1 | 1.9.11-150700.3.6.1 | Aug 13, 2025 | A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly |
| CVE-2025-30193 | High | 7.5 | | < 1.9.10-150700.3.3.1 | 1.9.10-150700.3.3.1 | May 20, 2025 | In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, caus |
| CVE-2025-30194 | High | 7.5 | | < 1.9.10-150700.3.3.1 | 1.9.10-150700.3.3.1 | Apr 29, 2025 | When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched |