CVE-2025-30187

Name
CVE-2025-30187
Description
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources.
NVD Severity
low

References

Type URI
security@open-xchange.com https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2025/09/18/1

Match rules

CPE URI   Source package   Min version   Max version
-         dnsdist          >= 1.9.0      < 1.9.11
-         dnsdist          >= 2.0.0      < 2.0.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
dnsdist edge-community 2.0.1-r0 Peter van Dijk <peter.van.dijk@powerdns.com> fixed
dnsdist edge-community 2.0.0-r1 Peter van Dijk <peter.van.dijk@powerdns.com> possibly vulnerable
dnsdist edge-community 2.0.0-r0 Peter van Dijk <peter.van.dijk@powerdns.com> possibly vulnerable
dnsdist edge-community 1.9.9-r0 Peter van Dijk <peter.van.dijk@powerdns.com> possibly vulnerable
dnsdist edge-community 1.9.8-r0 Peter van Dijk <peter.van.dijk@powerdns.com> possibly vulnerable
dnsdist edge-community 1.9.7-r0 Peter van Dijk <peter.van.dijk@powerdns.com> possibly vulnerable
dnsdist edge-community 1.9.10-r0 Peter van Dijk <peter.van.dijk@powerdns.com> possibly vulnerable
dnsdist 3.22-community 1.9.10-r0 Peter van Dijk <peter.van.dijk@powerdns.com> possibly vulnerable