CVE-2024-25581

Published: 14/05/2024 Updated: 14/05/2024

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default.

Debian Bug report logs - #1071750 dnsdist: CVE-2024-25581 Package: src:dnsdist; Maintainer for src:dnsdist is dnsdist packagers <dnsdist@packagesdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 24 May 2024 14:57:09 UTC Severity: important Tags: security Reply or subscribe to this bug T ...

Hi all, Two work-arounds are available: The full security advisory is provided below, and can also be found at dnsdistorg/security-advisories/powerdns-advisory-for-dnsdist-2024-03html A minimal patch can also be found here: downloadspowerdnscom/patches/2024-03/ Please feel free to contact me directly if you have any ...

https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071750 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-25581

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect