Untriaged
Permalink
CVE-2024-25581
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Transfer requests received over DoH can lead to a denial of service in DNSdist
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default.
References
- https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.h…
- http://www.openwall.com/lists/oss-security/2024/05/13/1
- https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.h…
- https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.h…
- http://www.openwall.com/lists/oss-security/2024/05/13/1
- https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.h… x_transferred
- http://www.openwall.com/lists/oss-security/2024/05/13/1 x_transferred
- https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.h…
- http://www.openwall.com/lists/oss-security/2024/05/13/1
- https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.h… x_transferred
- http://www.openwall.com/lists/oss-security/2024/05/13/1 x_transferred
Affected products
dnsdist
- ==1.9.1
- ==1.9.0
- ==1.9.3
- ==1.9.2
Package maintainers
-
@jojosch Johannes Schleifenbaum <johannes@js-webcoding.de>