from 0
CRITICAL9.1CVE-2026-33598A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on… from 0
HIGH8.8dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
from 0, < 1.2.0-1
HIGH8.2A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bo…
from 0
HIGH8.2An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacket…
from 0
HIGH8.1A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade…
from 0
HIGH7.5PRSD detection denial of service
from 0
HIGH7.5A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some res…
from 0
HIGH7.5A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queri…
from 0
HIGH7.5A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.
from 0
HIGH7.5An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to…
from 0
HIGH7.5An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service.
from 0
HIGH7.5An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service.
from 0
HIGH7.5An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions meth…
from 0
HIGH7.5An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName…
from 0
HIGH7.5An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resu…
from 0
HIGH7.5In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a clien…
from 0
HIGH7.5When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange th…
from 0, < 1.9.9-1
HIGH7.5When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, a…
from 0, < 1.9.4-1
HIGH7.5An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend.
from 0, < 1.2.0-1
MEDIUM6.5A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of…
from 0
MEDIUM6.5When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provid…
from 0
MEDIUM5.9An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the a…
from 0, < 1.3.3-1
MEDIUM4.3When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard i…
from 0
MEDIUM4.3An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where…
from 0
LOW3.7In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might…
from 0, < 1.9.10-1+deb13u1