CVE-2026-35406

Published: Apr 7, 2026Modified: Apr 16, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1.

Affected (1)

Products: Containers: Aardvark Dns

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Containers Aardvark Dns	From 1.16.0 to 1.17.1

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (3)

https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1

Source: security-advisories@github.com

Patch

https://github.com/containers/aardvark-dns/releases/tag/v1.17.1

Source: security-advisories@github.com

Release Notes

https://github.com/containers/aardvark-dns/security/advisories/GHSA-hfpq-x728-986j

Source: security-advisories@github.com

PatchVendor Advisory

Timeline

No history available yet.