Lucene search
+L

81 matches found

Vulnrichment
Vulnrichment
added 2025/04/29 11:25 a.m.7 views

CVE-2025-30194 Denial of service via crafted DoH exchange

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...

7.5CVSS7.5AI score0.02068EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/29 11:25 a.m.24 views

CVE-2025-30194 Denial of service via crafted DoH exchange

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...

7.5CVSS0.02068EPSS
Exploits0References1
CVE
CVE
added 2025/04/29 11:25 a.m.69 views

CVE-2025-30194

Summary (CVE-2025-30194) : When DNSdist is configured to serve DoH through the nghttp2 provider, an attacker can trigger an illegal memory access (double-free) via a crafted DoH exchange, causing a denial of service (crash). The vulnerability affects DNSdist’s DoH handling with nghttp2; an upgrad...

7.5CVSS7.5AI score0.02068EPSS
Exploits0References4
OSV
OSV
added 2025/04/29 11:25 a.m.9 views

CVE-2025-30194 Denial of service via crafted DoH exchange

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...

7.5CVSS7.2AI score0.02068EPSS
Exploits0References8
FreeBSD
FreeBSD
added 2025/04/29 12:0 a.m.12 views

dnsdist -- Denial of service via crafted DoH exchange

[email protected] reports: When DNSdist is configured to provide DoH via the nghttp2provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade t...

7.5CVSS6.8AI score0.02068EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/03/04 6:24 a.m.1751 views

curl: Use after free (read) in curl_multi_perform with DoH and Proxy options, and resolve timeouts

Summary: summary of the vulnerability There is a use after free in curlmultiperform when DoH resolver timeouts and CURLOPTPROXY is used see reproducer and stack trace I found it via fuzzing with https://github.com/catenacyber/curl-fuzzer/tree/proxy after fixing a small memory leak in curl Another...

7.1AI score
Exploits0
OSV
OSV
added 2025/02/14 12:11 p.m.4 views

OESA-2025-1105 bind security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

7.5CVSS6.9AI score0.17935EPSS
Exploits0References3
Amazon
Amazon
added 2025/02/04 12:0 a.m.29 views

Important: bind

Issue Overview: It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate...

7.5CVSS8AI score0.17935EPSS
Exploits0
Amazon
Amazon
added 2025/02/04 12:0 a.m.4 views

Important: bind

Issue Overview: It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate...

7.5CVSS6.9AI score0.17935EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/10/04 9:50 a.m.36 views

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors

Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service DDoS attack that peaked at 3.8 terabits per second Tbps and lasted 65 seconds. The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout...

9.8CVSS9.1AI score0.50174EPSS
Exploits15
Tenable Nessus
Tenable Nessus
added 2024/09/28 12:0 a.m.32 views

openSUSE 15 Security Update : coredns (openSUSE-SU-2024:0319-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0319-1 advisory. Update to version 1.11.3: optimize the performance for high qps 6767 bump deps Fix zone parser error handling 6680 Add alternate option to forwar...

7.5CVSS7.8AI score0.03931EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2024/08/17 12:0 a.m.19 views

Fedora 39 : bind / bind-dyndb-ldap (2024-ef8a7031e7)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-ef8a7031e7 advisory. Update to BIND 9.18.28 Security Fixes - A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to...

7.5CVSS7.8AI score0.0468EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/05/13 11:49 a.m.13 views

CVE-2024-25581 Transfer requests received over DoH can lead to a denial of service in DNSdist

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

7.5CVSS7.3AI score0.01078EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/13 11:49 a.m.36 views

CVE-2024-25581 Transfer requests received over DoH can lead to a denial of service in DNSdist

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

7.5CVSS7.7AI score0.01078EPSS
Exploits0References2
Kitploit
Kitploit
added 2023/08/29 12:30 p.m.39 views

DNSWatch - DNS Traffic Sniffer and Analyzer

DNSWatch is a Python-based tool that allows you to sniff and analyze DNS Domain Name System traffic on your network. It listens to DNS requests and responses and provides insights into the DNS activity. Features Sniff and analyze DNS requests and responses. Display DNS requests with their...

7.2AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/08/03 4:35 p.m.15 views

doh-proxy (=0.4.0), libdoh (>=0.4.0 <=0.9.4) +1 more potentially affected by CVE-2023-3766 via odoh-rs (>=0.1.11 <=1.0.0)

odoh-rs CARGO version =0.1.11, =0.4.0, =0.1.0, =0.1.9 Source cves: CVE-2023-3766 Source advisory: OSV:GHSA-GPCV-P28P-FV2P...

5.9CVSS6.2AI score0.0065EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/08/03 12:0 p.m.6 views

doh-proxy (=0.4.0), libdoh (>=0.4.0 <=0.9.4) +1 more potentially affected by CVE-2023-3766 via odoh-rs (>=0.1.11 <=1.0.0)

odoh-rs CARGO version =0.1.11, =0.4.0, =0.1.0, =0.1.9 Source cves: CVE-2023-3766 Source advisory: OSV:RUSTSEC-2023-0095...

5.9CVSS6.2AI score0.0065EPSS
Exploits0
NVD
NVD
added 2022/05/19 10:15 a.m.21 views

CVE-2022-1183

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS DoT and DNS over HTTPS DoH, bu...

7.5CVSS0.06394EPSS
Exploits0References2
OSV
OSV
added 2022/05/19 10:15 a.m.26 views

CVE-2022-1183

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS DoT and DNS over HTTPS DoH, bu...

7.5CVSS6.6AI score0.06394EPSS
Exploits0References2
CVE
CVE
added 2022/05/19 9:55 a.m.205 views

CVE-2022-1183

CVE-2022-1183 describes an assertion-failure termination in the named daemon on vulnerable BIND configurations that reference http in listen-on statements. Affected are BIND 9.18.0–9.18.2 and BIND 9.19.0 (development branch); configurations using DoT are unaffected, while DoT/DoH deployments may ...

7.5CVSS7.3AI score0.06394EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder