CVE-2025-30193

Name
CVE-2025-30193
Description
In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.10 version. A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting. We would like to thank Renaud Allard for bringing this issue to our attention.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security@open-xchange.com https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html

Match rules

CPE URI Source package Min version Max version
dnsdist == 1.9.10 == 1.9.10

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
dnsdist edge-community 1.9.10-r0 Peter van Dijk <peter.van.dijk@powerdns.com> fixed
dnsdist 3.22-community 1.9.10-r0 Peter van Dijk <peter.van.dijk@powerdns.com> fixed
dnsdist 3.21-community 1.9.10-r0 Peter van Dijk <peter.van.dijk@powerdns.com> fixed