CVE-2026-33595

🗓️ 22 Apr 2026 13:47:55Reported by OXType

Excessive memory use from many error responses on a single DoQ and DoH3 connection.

Reporter	Title	Published	Views	Family All 19
AlpineLinux	CVE-2026-33595	22 Apr 202613:47	–	alpinelinux
CNNVD	PowerDNS DNSdist 安全漏洞	22 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-33595 DoQ/DoH3 excessive memory allocation	22 Apr 202613:47	–	cvelist
Debian	[SECURITY] [DSA 6235-1] dnsdist security update	28 Apr 202619:03	–	debian
Debian CVE	CVE-2026-33595	22 Apr 202613:47	–	debiancve
Tenable Nessus	Debian dsa-6235 : dnsdist - security update	29 Apr 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-33595	22 Apr 202600:00	–	nessus
EUVD	EUVD-2026-24933	22 Apr 202615:31	–	euvd
NVD	CVE-2026-33595	22 Apr 202614:16	–	nvd
OPENSUSE Linux	dnsdist-2.0.5-1.1 on GA media (moderate)	29 Apr 202600:00	–	opensuse

NVD

Node

powerdns dnsdistRange1.9.0–1.9.13

powerdns dnsdistRange2.0.0–2.0.4

[
  {
    "vendor": "PowerDNS",
    "product": "DNSdist",
    "collectionURL": "https://repo.powerdns.com/",
    "packageName": "dnsdist",
    "repo": "https://github.com/PowerDNS/pdns",
    "modules": [
      "DNS over QUIC",
      "DNS over HTTP3"
    ],
    "programFiles": [
      "doq.cc",
      "doh3.cc"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "1.9.0",
        "lessThan": "1.9.13",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "2.0.0",
        "lessThan": "2.0.4",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
dnsdist	www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html

24 Apr 2026 18:49Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.3 - 7.5

EPSS0.00005

SSVC

CWE-770