VYPR

Dnsdist

by PowerDNS

CVEs (25)

  • CVE-2017-7557 | High | Aug 22, 2017
    risk 0.57 | CVSS 8.8 | EPSS 0.01

    dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack.

  • CVE-2026-33593 | High | Apr 22, 2026
    risk 0.49 | CVSS 7.5 | EPSS 0.00

    A client can trigger a divide-by-zero error leading to a crash by sending a crafted DNSCrypt query.

  • CVE-2025-30193 | High | May 20, 2025
    risk 0.49 | CVSS 7.5 | EPSS 0.01

    In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist,…

  • CVE-2025-30194 | High | Apr 29, 2025
    risk 0.49 | CVSS 7.5 | EPSS 0.02

    When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can craft a DoH exchange that triggers an illegal memory access (double-free) and a crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched…

  • CVE-2024-25581 | High | May 14, 2024
    risk 0.49 | CVSS 7.5 | EPSS 0.01

    When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing…

  • CVE-2026-33602 | Medium | Apr 22, 2026
    risk 0.42 | CVSS 6.5 | EPSS 0.01

    A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.

  • CVE-2026-24029 | Medium | Mar 31, 2026
    risk 0.42 | CVSS 6.5 | EPSS 0.00

    When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPS frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.

  • CVE-2016-7069 | Medium | Sep 11, 2018
    risk 0.39 | CVSS 5.9 | EPSS 0.05

    An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding…

  • CVE-2026-27853 | Medium | Mar 31, 2026
    risk 0.38 | CVSS 5.9 | EPSS 0.00

    An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and…

  • CVE-2026-33595 | Medium | Apr 22, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    A client can trigger excessive memory allocation by generating a lot of error responses over a single DoQ or DoH3 connection, as some resources were not properly released until the end of the connection.

  • CVE-2026-33594 | Medium | Apr 22, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection.

  • CVE-2026-33254 | Medium | Apr 22, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DoQ and DoH3 are disabled by default.

  • CVE-2026-33260 | Medium | Apr 22, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.01

    An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

  • CVE-2026-33257 | Medium | Apr 22, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.01

    An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

  • CVE-2026-24030 | Medium | Mar 31, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.01

    An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC…

  • CVE-2026-24028 | Medium | Mar 31, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.01

    An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory,…

  • CVE-2026-33598 | Medium | Apr 22, 2026
    risk 0.31 | CVSS 4.8 | EPSS 0.01

    A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.

  • CVE-2026-27854 | Medium | Mar 31, 2026
    risk 0.31 | CVSS 4.8 | EPSS 0.00

    An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus…

  • CVE-2026-33597 | Low | Apr 22, 2026
    risk 0.24 | CVSS 3.7 | EPSS 0.00

    PRSD detection denial of service

  • CVE-2025-30187 | Low | Sep 18, 2025
    risk 0.24 | CVSS 3.7 | EPSS 0.00

    In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption…
