DEBIAN-CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

UBUNTU-CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop via the nghttp2 process. An attacker can exhaust CPU resources by sending specially crafted DNS over HTTPS exchanges that trigger an unbounded I/O read loop. This is only exploitable if the system is configured to use the...

CVE-2025-30187

DNSdist is vulnerable when configured to use the nghttp2 library to process DoH queries. The issue is an unbounded I/O read loop in the DoH path that can cause CPU resource exhaustion (DoS). Affected code appears post-1.9.0-alpha1; various advisories recommend upgrading DNSdist to fixed releases....

CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

CVE-2025-30187 Denial of service via crafted DoH exchange in PowerDNS DNSdist

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

DNSdist 安全漏洞

DNSdist is a highly DNS, DoS and abuse aware load balancer from DNSdist open source. A security vulnerability exists in DNSdist that stems from the use of the nghttp2 library to process DNS over HTTPS queries that may trigger an infinite I/O read loop, which may lead to excessive CPU resource...

dnsdist -- Denial of service via crafted DoH exchange

[email protected] reports: In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an...

SUSE SLES15 Security Update : netty (SUSE-SU-2025:03021-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:03021-1 advisory. - CVE-2025-55163: Fixed 'MadeYouReset' DoS attack in HTTP/2 protocol including DNS over HTTPS bsc1247991 Tenable has extracted the preceding descripti...

Linux Distros Unpatched Vulnerability : CVE-2025-30194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illega...

Linux Distros Unpatched Vulnerability : CVE-2020-26961

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver...

Quantum-Resistant Domain Name System: a Comprehensive System-Level Study

The Domain Name System DNS plays a foundational role in Internet infrastructure, yet its core protocols remain vulnerable to compromise by quantum adversaries. As cryptographically relevant quantum computers become a realistic threat, ensuring DNS confidentiality, authenticity, and integrity in t...

SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2025:01787-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01787-1 advisory. Update to version 9.20.9. - Security issues fixed: CVE-2025-40775: denial-of-service due to assertion failure...

SUSE-SU-2025:01787-1 Security update for bind

This update for bind fixes the following issues: Update to version 9.20.9. - Security issues fixed: CVE-2025-40775: denial-of-service due to assertion failure caused by the processing of a NS message with an invalid TSIG bsc1243361. CVE-2024-12705: CPU and memory exhaustion due to DNS-over-HTTPS...

Security Bulletin: AIX/VIOS is vulnerable to a denial of service due to ISC BIND

Summary Vulnerabilities in ISC BIND could allow a remote attacker to cause a denial of service CVE-2024-12705, CVE-2024-11187. AIX uses ISC BIND as as part of its DNS functions. Vulnerability Details CVEID:CVE-2024-12705 DESCRIPTION: Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's C...

SUSE CVE-2025-30194

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...

DEBIAN-CVE-2025-30194

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...