Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: dnsdist

Found 18 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-33260
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 weeks, 2 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 2 days ago
  • @LeSuisse ignored
    7 packages
    • rotp
    • pdnsd
    • dnsdist
    • pdnsgrep
    • pdns-recursor
    • home-assistant-component-tests.namecheapdns
    • tests.home-assistant-components.namecheapdns
    3 weeks, 2 days ago
  • @LeSuisse accepted 3 weeks, 2 days ago
  • @LeSuisse restored
    2 packages
    • dnsdist
    • pdns-recursor
    3 weeks, 2 days ago
  • @LeSuisse published on GitHub 3 weeks, 2 days ago
Insufficient input validation of internal webserver

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Affected products

pdns
  • <5.0.4
  • <4.9.14
dnsdist
  • <2.0.4
  • <1.9.13
pdns-recursor
  • <5.4.1
  • <5.2.9
  • <5.3.6

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (5)

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

  • nixos-unstable 1.04
    • nixpkgs-unstable 1.04
    • nixos-unstable-small 1.04
  • nixos-25.11 1.04
    • nixos-25.11-small 1.04
    • nixpkgs-25.11-darwin 1.04

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-05-for-powerdns-authoritative-server
Published
Permalink CVE-2026-33257
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 weeks, 2 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 2 days ago
  • @LeSuisse ignored
    5 packages
    • rotp
    • pdnsgrep
    • pdnsd
    • tests.home-assistant-components.namecheapdns
    • home-assistant-component-tests.namecheapdns
    3 weeks, 2 days ago
  • @LeSuisse accepted 3 weeks, 2 days ago
  • @LeSuisse published on GitHub 3 weeks, 2 days ago
Insufficient input validation of internal webserver

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Affected products

pdns
  • <5.0.4
  • <4.9.14
dnsdist
  • <2.0.4
  • <1.9.13
pdns-recursor
  • <5.4.1
  • <5.2.9
  • <5.3.6

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (5)

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

  • nixos-unstable 1.04
    • nixpkgs-unstable 1.04
    • nixos-unstable-small 1.04
  • nixos-25.11 1.04
    • nixos-25.11-small 1.04
    • nixpkgs-25.11-darwin 1.04

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-05-for-powerdns-authoritative-server
Published
Permalink CVE-2026-33595
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 weeks, 2 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 2 days ago
  • @LeSuisse accepted 3 weeks, 2 days ago
  • @LeSuisse published on GitHub 3 weeks, 2 days ago
DoQ/DoH3 excessive memory allocation

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection.

Affected products

dnsdist
  • <2.0.4
  • <1.9.13

Matching in nixpkgs

Package maintainers

Published
Permalink CVE-2026-33602
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): High (H)
updated 3 weeks, 2 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 2 days ago
  • @LeSuisse accepted 3 weeks, 2 days ago
  • @LeSuisse published on GitHub 3 weeks, 2 days ago
Off-by-one access when processing crafted UDP responses

A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.

Affected products

dnsdist
  • <2.0.4
  • <1.9.13

Matching in nixpkgs

Package maintainers

Published
Permalink CVE-2026-33254
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 weeks, 2 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 2 days ago
  • @LeSuisse accepted 3 weeks, 2 days ago
  • @LeSuisse published on GitHub 3 weeks, 2 days ago
Resource exhaustion via DoQ/DoH3 connections

An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.

Affected products

dnsdist
  • <2.0.4
  • <1.9.13

Matching in nixpkgs

Package maintainers

Published
Permalink CVE-2026-33593
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 3 weeks, 2 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 2 days ago
  • @LeSuisse accepted 3 weeks, 2 days ago
  • @LeSuisse published on GitHub 3 weeks, 2 days ago
Denial of service via crafted DNSCrypt query

A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.

Affected products

dnsdist
  • <2.0.4
  • <1.9.13

Matching in nixpkgs

Package maintainers

Published
Permalink CVE-2026-33598
4.8 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 weeks, 2 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 2 days ago
  • @LeSuisse accepted 3 weeks, 2 days ago
  • @LeSuisse published on GitHub 3 weeks, 2 days ago
Out-of-bounds read in cache inspection via Lua

A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.

Affected products

dnsdist
  • <2.0.4
  • <1.9.13

Matching in nixpkgs

Package maintainers

Published
Permalink CVE-2026-33594
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 weeks, 2 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 2 days ago
  • @LeSuisse accepted 3 weeks, 2 days ago
  • @LeSuisse published on GitHub 3 weeks, 2 days ago
Outgoing DoH excessive memory allocation

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection.

Affected products

dnsdist
  • <2.0.4
  • <1.9.13

Matching in nixpkgs

Package maintainers

Published
Permalink CVE-2026-33597
3.7 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 weeks, 2 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 2 days ago
  • @LeSuisse accepted 3 weeks, 2 days ago
  • @LeSuisse published on GitHub 3 weeks, 2 days ago
PRSD detection denial of service

PRSD detection denial of service

Affected products

dnsdist
  • <2.0.4
  • <1.9.13

Matching in nixpkgs

Package maintainers

Published
Permalink CVE-2026-33596
3.1 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Adjacent (A)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Adjacent (A)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 weeks, 2 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 2 days ago
  • @LeSuisse accepted 3 weeks, 2 days ago
  • @LeSuisse published on GitHub 3 weeks, 2 days ago
TCP backend stream ID overflow

A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.

Affected products

dnsdist
  • <2.0.4
  • <1.9.13

Matching in nixpkgs

Package maintainers