27 matches found
EUVD-2012-3812
Malware in sbrugna...
Security update for dnsdist
This update for dnsdist fixes the following issues: CVE-2025-30193: stack exhaustion when processing too many queries on incoming TCP connections leads to a denial-of-service bsc1243378. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for dnsdist
This update for dnsdist fixes the following issues: Update to version 1.9.10. CVE-2025-30194: illegal memory access double-free when processing specially crafted DoH exchanges leads to a denial-of-service bsc1242028. CVE-2025-30193: stack exhaustion when processing too many queries on incoming TC...
CVE-2025-30193
In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of...
CVE-2025-30193 Denial of service via crafted TCP exchange
In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of...
DEBIAN-CVE-2025-31498
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...
AZL-59742 CVE-2025-31498 affecting package fluent-bit for versions less than 3.1.9-4
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...
UBUNTU-CVE-2025-31498
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...
CVE-2025-31498 c-ares has a use-after-free in read_answers()
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...
K15739: BIND vulnerability CVE-2012-3868
Security Advisory Description Race condition in the nsclient structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service memory consumption or process exit via a large volume of TCP queries. CVE-2012-3868 Impact None. No F5 products are affected by...
SUSE CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...
[slackware-security] bind
New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bind-9.11.13-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: Set a limit on the number of concurrently...
CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...
CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...
CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...
CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua...
CVE-2019-3806
PowerDNS Recursor (pdns-recursor) version range affected: after 4.1.3 up to before 4.1.9. The issue stems from Lua hooks not being properly applied to TCP queries in certain settings, potentially bypassing security policies enforced via Lua. Exploitation details are not provided in the supplied d...
FreeBSD : powerdns-recursor -- multiple vulnerabilities (40d92cc5-1e2b-11e9-bef6-6805ca2fa271)
PowerDNS Team reports : CVE-2019-3806: An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. When the recursor is configured to run with...
Updated pdns-recursor package fixes security vulnerabilities
An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua CVE-2019-3806. An issue has been found in PowerDNS Recursor where records in the...
MGASA-2019-0051 Updated pdns-recursor package fixes security vulnerabilities
An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua CVE-2019-3806. An issue has been found in PowerDNS Recursor where records in the...