Описание
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| dnsdist | fixed | 2.0.1-1 | package | |
| dnsdist | fixed | 1.9.10-1+deb13u1 | trixie | package |
| dnsdist | not-affected | bookworm | package | |
| dnsdist | not-affected | bullseye | package |
Примечания
https://www.openwall.com/lists/oss-security/2025/09/18/1
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html
Patches: https://downloads.powerdns.com/patches/2025-05/
Связанные уязвимости
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources.
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources.
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources.