CVE search results

11 – 16 of 16 results

Detailed view

Sort by:

CVE-2025-30194

Medium priority

Ignored

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial...

1 affected package

dnsdist

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
dnsdist	Not affected	Not affected	Not affected	Not affected

CVE-2024-25581

Medium priority

Not affected

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a...

1 affected package

dnsdist

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
dnsdist	Not affected	Not affected	Not affected	Not affected

CVE-2023-44487

High priority

Some fixes available 33 of 46

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

14 affected packages

haproxy, tomcat10, tomcat9, trafficserver, h2o...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
haproxy	Not affected	Not affected	Not affected	Fixed
tomcat10	Not affected	Not in release	Not in release	Ignored
tomcat9	Not affected	Fixed	Fixed	Fixed
trafficserver	Not affected	Fixed	Fixed	Not affected
h2o	Not affected	Fixed	Fixed	Fixed
tomcat8	Not in release	Not in release	Not in release	Fixed
dotnet6	Not in release	Fixed	Not in release	Not in release
dotnet7	Not in release	Fixed	Not in release	Not in release
dotnet8	Fixed	Not affected	Not in release	Not in release
nginx	Not affected	Not affected	Not affected	Not affected
nghttp2	Not affected	Fixed	Fixed	Fixed
nodejs	Not affected	Fixed	Fixed	Fixed
netty	Not affected	Fixed	Fixed	Not affected
dnsdist	Not affected	Fixed	Not affected	Not affected

CVE-2018-14663

Medium priority

Vulnerable

An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet,...

1 affected package

dnsdist

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
dnsdist	Not affected	Not affected	Not affected	Vulnerable

CVE-2016-7069

Medium priority

Vulnerable

An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT...

1 affected package

dnsdist

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
dnsdist	Not affected	Not affected	Not affected	Not affected

CVE-2017-7557

Medium priority

Vulnerable

dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.

1 affected package

dnsdist

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
dnsdist	Not affected	Not affected	Not affected	Not affected

Export to JSON

Results by page:

Search CVE reports