Lucene search
K

Fedora 44 : dnsdist (2026-51cdd1292b)

🗓️ 14 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 9 Views

Fedora 44 dnsdist fixes several CVEs including DoQ/DoH3 DoS and web server memory issues.

Related
Refs
Code
ReporterTitlePublishedViews
Family
FreeBSD
PowerDNS -- vulnerabilities
16 Feb 202600:00
freebsd
ATTACKERKB
CVE-2026-33260
22 Apr 202609:39
attackerkb
ATTACKERKB
CVE-2026-33257
22 Apr 202609:37
attackerkb
AlpineLinux
CVE-2026-33254
22 Apr 202613:45
alpinelinux
AlpineLinux
CVE-2026-33257
22 Apr 202609:37
alpinelinux
AlpineLinux
CVE-2026-33260
22 Apr 202609:39
alpinelinux
AlpineLinux
CVE-2026-33593
22 Apr 202613:48
alpinelinux
AlpineLinux
CVE-2026-33594
22 Apr 202613:48
alpinelinux
AlpineLinux
CVE-2026-33595
22 Apr 202613:47
alpinelinux
AlpineLinux
CVE-2026-33596
22 Apr 202613:47
alpinelinux
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2026-51cdd1292b
#

include('compat.inc');

if (description)
{
  script_id(321078);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/14");

  script_cve_id(
    "CVE-2026-33254",
    "CVE-2026-33257",
    "CVE-2026-33260",
    "CVE-2026-33593",
    "CVE-2026-33594",
    "CVE-2026-33595",
    "CVE-2026-33596",
    "CVE-2026-33597",
    "CVE-2026-33598",
    "CVE-2026-33599",
    "CVE-2026-33602"
  );
  script_xref(name:"FEDORA", value:"2026-51cdd1292b");

  script_name(english:"Fedora 44 : dnsdist (2026-51cdd1292b)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2026-51cdd1292b advisory.

    Bug Fixes:

    CVE-2026-33254: An attacker can create a large number of concurrent DoQ or DoH3 connections, causing
    unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by
    default

    CVE-2026-33257: An attacker can send a web request that causes unlimited memory allocation in the internal
    web server, leading to a denial of service. The web server is disabled and restricted by an ACL by default

    CVE-2026-33260: An attacker can send a web request that causes unlimited memory allocation in the internal
    web server, leading to a denial of service. The web server is disabled and restricted by an ACL by default

    CVE-2026-33593: A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt
    query

    CVE-2026-33595: A client can trigger excessive memory allocation by generating a lot of errors responses
    over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the
    connection. DOQ and DoH3 are disabled by default

    CVE-2026-33596: A client might theoretically be able to cause a mismatch between queries sent to a backend
    and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or
    DNS over TLS backend

    CVE-2026-33597: A crafted query containing an invalid DNS label can prevent the PRSD detection algorithm
    executed via DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI from being
    executed

    CVE-2026-33598: A cached crafted response can cause an out-of-bounds read if custom Lua code calls
    getDomainListByAddress() or getAddressListByDomain() on a packet cache

    CVE-2026-33599: A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers
    request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML)
    settings. DDR upgrade is not enabled by default

    CVE-2026-33602: A rogue backend can send a crafted UDP response with a query ID off by one related to the
    maximum configured value, triggering an out-of-bounds write leading to a denial of service

    CVE-2026-33594: A client can trigger excessive memory allocation by generating a lot of queries that are
    routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released
    until the end of the connection. Outgoing DoH is disabled by default



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2026-51cdd1292b");
  script_set_attribute(attribute:"solution", value:
"Update the affected dnsdist package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-33598");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:44");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dnsdist");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Fedora' >!< os_product) audit(AUDIT_OS_NOT, 'Fedora');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
if (! preg(pattern:"^44([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Fedora 44', 'Fedora ' + os_version);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var constraints = [
  {
    'release': '44',
    'pkgs': [
      {'reference':'dnsdist-2.0.6-1.fc44', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dnsdist');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

14 Jun 2026 00:00Current
6Medium risk
Vulners AI Score6
CVSS 3.17.5 - 9.1
EPSS0.01073
SSVC
9