| Reporter | Title | Published | Views | Family All 184 |
|---|---|---|---|---|
| PowerDNS -- vulnerabilities | 16 Feb 202600:00 | – | freebsd | |
| CVE-2026-33260 | 22 Apr 202609:39 | – | attackerkb | |
| CVE-2026-33257 | 22 Apr 202609:37 | – | attackerkb | |
| CVE-2026-33254 | 22 Apr 202613:45 | – | alpinelinux | |
| CVE-2026-33257 | 22 Apr 202609:37 | – | alpinelinux | |
| CVE-2026-33260 | 22 Apr 202609:39 | – | alpinelinux | |
| CVE-2026-33593 | 22 Apr 202613:48 | – | alpinelinux | |
| CVE-2026-33594 | 22 Apr 202613:48 | – | alpinelinux | |
| CVE-2026-33595 | 22 Apr 202613:47 | – | alpinelinux | |
| CVE-2026-33596 | 22 Apr 202613:47 | – | alpinelinux |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2026-51cdd1292b
#
include('compat.inc');
if (description)
{
script_id(321078);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/14");
script_cve_id(
"CVE-2026-33254",
"CVE-2026-33257",
"CVE-2026-33260",
"CVE-2026-33593",
"CVE-2026-33594",
"CVE-2026-33595",
"CVE-2026-33596",
"CVE-2026-33597",
"CVE-2026-33598",
"CVE-2026-33599",
"CVE-2026-33602"
);
script_xref(name:"FEDORA", value:"2026-51cdd1292b");
script_name(english:"Fedora 44 : dnsdist (2026-51cdd1292b)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2026-51cdd1292b advisory.
Bug Fixes:
CVE-2026-33254: An attacker can create a large number of concurrent DoQ or DoH3 connections, causing
unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by
default
CVE-2026-33257: An attacker can send a web request that causes unlimited memory allocation in the internal
web server, leading to a denial of service. The web server is disabled and restricted by an ACL by default
CVE-2026-33260: An attacker can send a web request that causes unlimited memory allocation in the internal
web server, leading to a denial of service. The web server is disabled and restricted by an ACL by default
CVE-2026-33593: A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt
query
CVE-2026-33595: A client can trigger excessive memory allocation by generating a lot of errors responses
over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the
connection. DOQ and DoH3 are disabled by default
CVE-2026-33596: A client might theoretically be able to cause a mismatch between queries sent to a backend
and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or
DNS over TLS backend
CVE-2026-33597: A crafted query containing an invalid DNS label can prevent the PRSD detection algorithm
executed via DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI from being
executed
CVE-2026-33598: A cached crafted response can cause an out-of-bounds read if custom Lua code calls
getDomainListByAddress() or getAddressListByDomain() on a packet cache
CVE-2026-33599: A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers
request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML)
settings. DDR upgrade is not enabled by default
CVE-2026-33602: A rogue backend can send a crafted UDP response with a query ID off by one related to the
maximum configured value, triggering an out-of-bounds write leading to a denial of service
CVE-2026-33594: A client can trigger excessive memory allocation by generating a lot of queries that are
routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released
until the end of the connection. Outgoing DoH is disabled by default
Tenable has extracted the preceding description block directly from the Fedora security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2026-51cdd1292b");
script_set_attribute(attribute:"solution", value:
"Update the affected dnsdist package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-33598");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/22");
script_set_attribute(attribute:"patch_publication_date", value:"2026/06/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:44");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dnsdist");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Fedora' >!< os_product) audit(AUDIT_OS_NOT, 'Fedora');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
if (! preg(pattern:"^44([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Fedora 44', 'Fedora ' + os_version);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
var constraints = [
{
'release': '44',
'pkgs': [
{'reference':'dnsdist-2.0.6-1.fc44', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dnsdist');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation