pkg:Debian/dnsdist

26 total CVEsCRITICAL1HIGH18MEDIUM6LOW1

✅ Check your installed version

All known vulnerabilities

  • MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update
    from 0
  • CRITICAL9.1CVE-2026-33598A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on…
    from 0
  • HIGH8.8CVE-2017-7557dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
    from 0, < 1.2.0-1
  • HIGH8.2CVE-2026-33602A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bo…
    from 0
  • HIGH8.2CVE-2026-24028An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacket…
    from 0
  • HIGH8.1CVE-2026-33599A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade…
    from 0
  • HIGH7.5CVE-2026-33597PRSD detection denial of service
    from 0
  • HIGH7.5CVE-2026-33595A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some res…
    from 0
  • HIGH7.5CVE-2026-33594A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queri…
    from 0
  • HIGH7.5CVE-2026-33593A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.
    from 0
  • HIGH7.5CVE-2026-33254An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to…
    from 0
  • HIGH7.5CVE-2026-33260An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service.
    from 0
  • HIGH7.5CVE-2026-33257An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service.
    from 0
  • HIGH7.5CVE-2026-27854An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions meth…
    from 0
  • HIGH7.5CVE-2026-27853An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName…
    from 0
  • HIGH7.5CVE-2026-24030An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resu…
    from 0
  • HIGH7.5CVE-2025-30193In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a clien…
    from 0
  • HIGH7.5CVE-2025-30194When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange th…
    from 0, < 1.9.9-1
  • HIGH7.5CVE-2024-25581When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, a…
    from 0, < 1.9.4-1
  • HIGH7.5CVE-2016-7069An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend.
    from 0, < 1.2.0-1
  • MEDIUM6.5CVE-2026-33596A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of…
    from 0
  • MEDIUM6.5CVE-2026-24029When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provid…
    from 0
  • MEDIUM5.9CVE-2018-14663An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the a…
    from 0, < 1.3.3-1
  • MEDIUM4.3CVE-2026-0397When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard i…
    from 0
  • MEDIUM4.3CVE-2026-0396An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where…
    from 0
  • LOW3.7CVE-2025-30187In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might…
    from 0, < 1.9.10-1+deb13u1