NIXPKGS-2026-0928

GitHub issue published 2 months, 3 weeks ago

Permalink CVE-2026-24030

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 2 months, 3 weeks ago by @LeSuisse Activity log

Created suggestion 2 months, 3 weeks ago
@LeSuisse accepted 2 months, 3 weeks ago
@LeSuisse published on GitHub 2 months, 3 weeks ago

Unbounded memory allocation for DoQ and DoH3

An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly closed, but in some cases the system might enter an out-of-memory state instead and terminate the process.

References

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-…

Affected products

dnsdist

<2.0.3
<1.9.12

Matching in nixpkgs

pkgs.dnsdist

DNS Loadbalancer

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2

Package maintainers

@jojosch Johannes Schleifenbaum <johannes@js-webcoding.de>

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0928

References

Affected products

Matching in nixpkgs

pkgs.dnsdist

Package maintainers