7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
PowerDNS Security Advisory reports:
When incoming DNS over HTTPS support is enabled using the nghttp2 provider,
and queries are routed to a tcp-only or DNS over TLS backend, an attacker can
trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR
or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a
Denial of Service. DNS over HTTPS is not enabled by default, and backends are using
plain DNS (Do53) by default.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%