Description

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version. We would like to thank Charles Howes for bringing this issue to our attention.

INFO

Published Date :

2025-04-29T11:25:47.141Z

Last Modified :

2025-06-20T15:42:56.102Z

Source :

OX
AFFECTED PRODUCTS

The following products are affected by CVE-2025-30194 vulnerability.

Vendors Products
Powerdns
  • Dnsdist
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-30194.

URL Resource
http://www.openwall.com/lists/oss-security/2025/04/29/1 cve-icon
https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-02.html cve-icon cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-30194-detection-dnsdist-vulnerability cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-30194-mitigate-dnsdist-vulnerability cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact