81 matches found
CVE-2025-30194 Denial of service via crafted DoH exchange
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...
CVE-2025-30194 Denial of service via crafted DoH exchange
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...
CVE-2025-30194
Summary (CVE-2025-30194) : When DNSdist is configured to serve DoH through the nghttp2 provider, an attacker can trigger an illegal memory access (double-free) via a crafted DoH exchange, causing a denial of service (crash). The vulnerability affects DNSdist’s DoH handling with nghttp2; an upgrad...
CVE-2025-30194 Denial of service via crafted DoH exchange
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...
dnsdist -- Denial of service via crafted DoH exchange
[email protected] reports: When DNSdist is configured to provide DoH via the nghttp2provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade t...
curl: Use after free (read) in curl_multi_perform with DoH and Proxy options, and resolve timeouts
Summary: summary of the vulnerability There is a use after free in curlmultiperform when DoH resolver timeouts and CURLOPTPROXY is used see reproducer and stack trace I found it via fuzzing with https://github.com/catenacyber/curl-fuzzer/tree/proxy after fixing a small memory leak in curl Another...
OESA-2025-1105 bind security update
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...
Important: bind
Issue Overview: It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate...
Important: bind
Issue Overview: It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate...
Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors
Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service DDoS attack that peaked at 3.8 terabits per second Tbps and lasted 65 seconds. The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout...
openSUSE 15 Security Update : coredns (openSUSE-SU-2024:0319-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0319-1 advisory. Update to version 1.11.3: optimize the performance for high qps 6767 bump deps Fix zone parser error handling 6680 Add alternate option to forwar...
Fedora 39 : bind / bind-dyndb-ldap (2024-ef8a7031e7)
The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-ef8a7031e7 advisory. Update to BIND 9.18.28 Security Fixes - A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to...
CVE-2024-25581 Transfer requests received over DoH can lead to a denial of service in DNSdist
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...
CVE-2024-25581 Transfer requests received over DoH can lead to a denial of service in DNSdist
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...
DNSWatch - DNS Traffic Sniffer and Analyzer
DNSWatch is a Python-based tool that allows you to sniff and analyze DNS Domain Name System traffic on your network. It listens to DNS requests and responses and provides insights into the DNS activity. Features Sniff and analyze DNS requests and responses. Display DNS requests with their...
doh-proxy (=0.4.0), libdoh (>=0.4.0 <=0.9.4) +1 more potentially affected by CVE-2023-3766 via odoh-rs (>=0.1.11 <=1.0.0)
odoh-rs CARGO version =0.1.11, =0.4.0, =0.1.0, =0.1.9 Source cves: CVE-2023-3766 Source advisory: OSV:GHSA-GPCV-P28P-FV2P...
doh-proxy (=0.4.0), libdoh (>=0.4.0 <=0.9.4) +1 more potentially affected by CVE-2023-3766 via odoh-rs (>=0.1.11 <=1.0.0)
odoh-rs CARGO version =0.1.11, =0.4.0, =0.1.0, =0.1.9 Source cves: CVE-2023-3766 Source advisory: OSV:RUSTSEC-2023-0095...
CVE-2022-1183
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS DoT and DNS over HTTPS DoH, bu...
CVE-2022-1183
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS DoT and DNS over HTTPS DoH, bu...
CVE-2022-1183
CVE-2022-1183 describes an assertion-failure termination in the named daemon on vulnerable BIND configurations that reference http in listen-on statements. Affected are BIND 9.18.0–9.18.2 and BIND 9.19.0 (development branch); configurations using DoT are unaffected, while DoT/DoH deployments may ...