Количество 6
Количество 6
CVE-2025-30194
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version. We would like to thank Charles Howes for bringing this issue to our attention.
CVE-2025-30194
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version. We would like to thank Charles Howes for bringing this issue to our attention.
CVE-2025-30194
When DNSdist is configured to provide DoH via the nghttp2 provider, an ...
GHSA-487w-xx5j-gqwc
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version. We would like to thank Charles Howes for bringing this issue to our attention.
BDU:2026-00246
Уязвимость компонента nghttp2 Provider программного обеспечения PowerDNS DNSdist, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2025:01743-1
Security update for dnsdist
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-30194 When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version. We would like to thank Charles Howes for bringing this issue to our attention. | CVSS3: 7.5 | 0% Низкий | 10 месяцев назад |
 | CVE-2025-30194 When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version. We would like to thank Charles Howes for bringing this issue to our attention. | CVSS3: 7.5 | 0% Низкий | 10 месяцев назад |
| CVE-2025-30194 When DNSdist is configured to provide DoH via the nghttp2 provider, an ... | CVSS3: 7.5 | 0% Низкий | 10 месяцев назад |
| GHSA-487w-xx5j-gqwc When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version. We would like to thank Charles Howes for bringing this issue to our attention. | CVSS3: 7.5 | 0% Низкий | 10 месяцев назад |
 | BDU:2026-00246 Уязвимость компонента nghttp2 Provider программного обеспечения PowerDNS DNSdist, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | 10 месяцев назад |
 | SUSE-SU-2025:01743-1 Security update for dnsdist | 9 месяцев назад |
Уязвимостей на страницу