5 matches found
CVE-2026-24029
When the earlyacldrop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPS frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...
ROS-20250710-01
A vulnerability in the DoH implementation of the DNS BIND server is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
CVE-2025-30194
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and a crash of DNSdist. The remedy is to upgrade to the patched 1.9.9 version. A...
CVE-2025-30194
Summary (CVE-2025-30194): When DNSdist is configured to serve DoH through the nghttp2 provider, an attacker can trigger an illegal memory access (double-free) via a crafted DoH exchange, causing a denial of service (crash). The vulnerability affects DNSdist's DoH handling with nghttp2; an upgrad...
Mozilla: DoH did not filter IPv4 mapped IP Addresses
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses, as these do not make sense coming from a DoH resolver. However, when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding...