Lucene search
K

4 matches found

OSV
OSV
added 2026/04/28 10:46 p.m.5 views

GHSA-QHMP-Q7XH-99RH CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC

Summary CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG NOTAUTH, while the same invalid-TSIG request is accepted ove...

8.7CVSS5.8AI score0.00374EPSS
Exploits1References4
CVE
CVE
added 2026/03/31 12:1 p.m.17 views

CVE-2026-24030

DNSdist (DNS load balancer) has a vulnerability CVE-2026-24030 where processing DNS over QUIC or DNS over HTTP/3 payloads may allocate unbounded memory, potentially causing denial of service and, in some cases, an out-of-memory state. Debian’s advisory notes a fix in dnsdist for stable (trixie) v...

7.5CVSS5.9AI score0.00537EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/31 12:1 p.m.23 views

CVE-2026-24030 Unbounded memory allocation for DoQ and DoH3

An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...

5.3CVSS0.00537EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2022/07/20 1:41 p.m.33 views

Google Adds Support for DNS-over-HTTP/3 in Android to Keep DNS Queries Private — The Hacker News

Google on Tuesday officially announced support for DNS-over-HTTP/3 DoH3 for Android devices as part of a Google Play system update designed to keep DNS queries private. To that end, Android smartphones running Android 11 and higher are expected to use DoH3 instead of DNS-over-TLS DoT, which was...

7.2AI score
Exploits0
Rows per page
Query Builder