9 matches found
CVE-2026-35579
CoreDNS versions prior to 1.14.3 expose a TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports. In gRPC/QUIC, the server checks for a configured TSIG key name but never calls dns.TsigVerify(), so a matching key yields a nil tsigStatus and the request is treated as authenticated rega...
GHSA-QHMP-Q7XH-99RH CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC
Summary CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG NOTAUTH, while the same invalid-TSIG request is accepted ove...
UBUNTU-CVE-2026-24030
An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...
CVE-2026-24030
CVE-2026-24030 affects DNSdist and arises from unbounded memory allocation while processing DNS over QUIC (DoQ) or DNS over HTTP/3 (DoH3) payloads. The issue can trigger a denial of service; in memory-constrained environments it may cause an out-of-memory state terminating the process, though in ...
CVE-2026-24030 Unbounded memory allocation for DoQ and DoH3
An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...
DNSdist -- vulnerabilities
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html reports: CVE-2026-0396: HTML injection in the web dashboard CVE-2026-0397: Information disclosure via CORS misconfiguration CVE-2026-24028: Out-of-bounds read when parsing DNS packets via Lua CVE-2026-24029: DN...
PT-2025-38305
Name of the Vulnerable Software and Affected Versions DNSdist affected versions not specified Description DNSdist, when configured to utilize the nghttp2 library for processing DNS over HTTPS DoH queries, may be susceptible to a denial of service. A crafted DoH exchange can trigger an unbounded I...
Google Adds Support for DNS-over-HTTP/3 in Android to Keep DNS Queries Private — The Hacker News
Google on Tuesday officially announced support for DNS-over-HTTP/3 DoH3 for Android devices as part of a Google Play system update designed to keep DNS queries private. To that end, Android smartphones running Android 11 and higher are expected to use DoH3 instead of DNS-over-TLS DoT, which was...
curl: Buffer write overflow when forming dns over http request
Summary: If dns over http is used, the hostname to look up is packed into a buffer to send to the dns server using the dohencode function from the doh.c source file. By default, curl uses a 512 byte buffer. For that length, the buffer may be overflowed with one byte, which is set to 1. Note that...