221 matches found

AlpineLinux
added 2025/09/18 9:21 a.m., 9 views

CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

CVSS 3.7, AI score 6.8, EPSS 0.00012
Exploits 0

CNNVD
added 2025/09/18 12:0 a.m., 1 views

DNSdist Security Vulnerability

DNSdist is a highly DNS-, DoS- and abuse-aware load balancer from the open-source DNSdist project. A security vulnerability exists in DNSdist that stems from the use of the nghttp2 library to process DNS over HTTPS queries, which may trigger an infinite I/O read loop and lead to excessive CPU resource...

CVSS 3.7, AI score 6.3, EPSS 0.00012
Exploits 0, References 3

FreeBSD
added 2025/09/18 12:0 a.m., 4 views

dnsdist -- Denial of service via crafted DoH exchange

[email protected] reports: In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an...

CVSS 3.7, AI score 7, EPSS 0.00012
Exploits 0, References 1

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

SUSE SLES15 Security Update : netty (SUSE-SU-2025:03021-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03021-1 advisory. - CVE-2025-55163: Fixed 'MadeYouReset' DoS attack in HTTP/2 protocol including DNS over HTTPS bsc1247991 Tenable has extracted the preceding descripti...

CVSS 8.2, AI score 6.6, EPSS 0.00053
Exploits 1, References 4

Tenable Nessus
added 2025/08/27 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-30194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illega...

CVSS 7.5, AI score 7.3, EPSS 0.00262
Exploits 0, References 2

Tenable Nessus
added 2025/08/06 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-26961

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver...

CVSS 6.5, AI score 7.6, EPSS 0.00275
Exploits 0, References 2

Packet Storm News
added 2025/06/24 12:0 a.m., 4 views

Quantum-Resistant Domain Name System: a Comprehensive System-Level Study

The Domain Name System DNS plays a foundational role in Internet infrastructure, yet its core protocols remain vulnerable to compromise by quantum adversaries. As cryptographically relevant quantum computers become a realistic threat, ensuring DNS confidentiality, authenticity, and integrity in t...

AI score 6.8
Exploits 0

Tenable Nessus
added 2025/05/31 12:0 a.m., 5 views

SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2025:01787-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01787-1 advisory. Update to version 9.20.9. - Security issues fixed: CVE-2025-40775: denial-of-service due to assertion failure...

CVSS 7.5, AI score 7.6, EPSS 0.05622
Exploits 1, References 10

OSV
added 2025/05/30 5:15 p.m., 2 views

SUSE-SU-2025:01787-1 Security update for bind

This update for bind fixes the following issues: Update to version 9.20.9. - Security issues fixed: CVE-2025-40775: denial-of-service due to assertion failure caused by the processing of a NS message with an invalid TSIG bsc1243361. CVE-2024-12705: CPU and memory exhaustion due to DNS-over-HTTPS...

CVSS 7.5, AI score 8.3, EPSS 0.05622
Exploits 1, References 7

IBM Security Bulletins
added 2025/05/20 4:40 p.m., 11 views

Security Bulletin: AIX/VIOS is vulnerable to a denial of service due to ISC BIND

Summary Vulnerabilities in ISC BIND could allow a remote attacker to cause a denial of service CVE-2024-12705, CVE-2024-11187. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details CVEID:CVE-2024-12705 DESCRIPTION: Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's C...

CVSS 7.5, AI score 7.1, EPSS 0.05622
Exploits 0, Affected Software 2

OSV
added 2025/04/29 12:15 p.m., 1 views

DEBIAN-CVE-2025-30194

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...

CVSS 7.5, AI score 7.8, EPSS 0.00262
Exploits 0, References 1

OSV
added 2025/04/29 12:15 p.m., 0 views

UBUNTU-CVE-2025-30194

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...

CVSS 7.5, AI score 7.2, EPSS 0.00262
Exploits 0, References 7

CNNVD
added 2025/04/29 12:0 a.m., 2 views

DNSdist Security Vulnerability

DNSdist is a highly DNS-, DoS- and abuse-aware load balancer from the open-source DNSdist project. A security vulnerability exists in DNSdist that stems from a double free triggered by the nghttp2 provider when processing DoH exchanges, which could lead to a denial of service...

CVSS 7.5, AI score 7.9, EPSS 0.00262
Exploits 0, References 3

OSV
added 2025/03/17 8:16 p.m., 8 views

RLSA-2025:1670 Important: bind9.18 security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

CVSS 7.5, AI score 7.7, EPSS 0.05622
Exploits 0, References 3

Tenable Nessus
added 2025/03/05 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2024-12705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects...

CVSS 7.5, AI score 7.1, EPSS 0.05622
Exploits 0, References 3

Tenable Nessus
added 2025/02/24 12:0 a.m., 9 views

AlmaLinux 9 : bind9.18 (ALSA-2025:1670)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:1670 advisory. bind: bind9: Many records in the additional section cause CPU exhaustion CVE-2024-11187 bind: bind9: DNS-over-HTTPS implementation suffers from multiple...

CVSS 7.5, AI score 7.1, EPSS 0.05622
Exploits 0, References 4

Oracle linux
added 2025/02/21 12:0 a.m., 22 views

bind9.18 security update

32:9.18.29-1.el95.1 - Fix CVE-2024-11187 bind: bind9: Many records in the additional section cause CPU exhaustion - Fix CVE-2024-12705 bind: bind9: DNS-over-HTTPS implementation suffers from multiple issues under heavy query load...

CVSS 7.5, AI score 7.6, EPSS 0.05622
Exploits 0

RedHat Linux
added 2025/02/19 8:42 a.m., 19 views

Important: Red Hat Security Advisory: bind9.18 security update

An update for bind9.18 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.5, AI score 6.8, EPSS 0.05622
Exploits 0, References 3

Tenable Nessus
added 2025/02/19 12:0 a.m., 11 views

RHEL 9 : bind9.18 (RHSA-2025:1670)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1670 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which...

CVSS 7.5, AI score 7, EPSS 0.05622
Exploits 0, References 6

OSV
added 2025/02/19 12:0 a.m., 8 views

ALSA-2025:1670 Important: bind9.18 security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

CVSS 7.5, AI score 6.7, EPSS 0.05622
Exploits 0, References 6