Dnsdist

dnsdist

Vendor: Powerdns • 21 CVEs

CVEs (21)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-33602 1Powerdns 1Dnsdist Apr 24, 2026 Apr 22, 2026 N/A· v4 8.2 HIGH· v3 N/A· v2 A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.
CVE-2026-33599 1Powerdns 1Dnsdist Apr 24, 2026 Apr 22, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not ena...Show more A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default.Show less
CVE-2026-33598 1Powerdns 1Dnsdist Apr 24, 2026 Apr 22, 2026 N/A· v4 9.1 CRITICAL· v3 N/A· v2 A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.
CVE-2026-33597 1Powerdns 1Dnsdist Apr 24, 2026 Apr 22, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 PRSD detection denial of service
CVE-2026-33596 1Powerdns 1Dnsdist Apr 24, 2026 Apr 22, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.
CVE-2026-33595 1Powerdns 1Dnsdist Apr 24, 2026 Apr 22, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection.
CVE-2026-33594 1Powerdns 1Dnsdist Apr 24, 2026 Apr 22, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the con...Show more A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection.Show less
CVE-2026-33593 1Powerdns 1Dnsdist Apr 24, 2026 Apr 22, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.
CVE-2026-33254 1Powerdns 1Dnsdist Apr 27, 2026 Apr 22, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.
CVE-2026-33260 1Powerdns 3Authoritative DnsdistRecursor Apr 27, 2026 Apr 22, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
CVE-2026-33257 1Powerdns 3Authoritative DnsdistRecursor Apr 27, 2026 Apr 22, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
CVE-2026-27854 1Powerdns 1Dnsdist Apr 14, 2026 Mar 31, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a...Show more An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a use-after-free and potentially a crash resulting in denial of service.Show less
CVE-2026-27853 1Powerdns 1Dnsdist Apr 14, 2026 Mar 31, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten...Show more An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service.Show less
CVE-2026-24030 1Powerdns 1Dnsdist Apr 14, 2026 Mar 31, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available...Show more An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly closed, but in some cases the system might enter an out-of-memory state instead and terminate the process.Show less
CVE-2026-24029 1Powerdns 1Dnsdist Apr 14, 2026 Mar 31, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless...Show more When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.Show less
CVE-2026-24028 1Powerdns 1Dnsdist Apr 14, 2026 Mar 31, 2026 N/A· v4 8.2 HIGH· v3 N/A· v2 An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leadi...Show more An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.Show less
CVE-2026-0397 1Powerdns 1Dnsdist Apr 14, 2026 Mar 31, 2026 N/A· v4 4.3 MEDIUM· v3 N/A· v2 When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running config...Show more When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration of the Cross-Origin Resource Sharing (CORS) policy.Show less
CVE-2026-0396 1Powerdns 1Dnsdist Apr 13, 2026 Mar 31, 2026 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSu...Show more An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.Show less
CVE-2018-14663 1Powerdns 1Dnsdist Nov 21, 2024 Nov 26, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client...Show more An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the 'useClientSubnet' or the experimental 'addXPF' parameters are used when declaring a new backend.Show less
CVE-2016-7069 1Powerdns 1Dnsdist Nov 21, 2024 Sep 11, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an...Show more An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash.Show less

12 Next