Information on source package dnsdist

Available versions

ReleaseVersion
bullseye1.5.1-3
bookworm1.7.3-2
trixie1.9.10-1+deb13u1
trixie (security)1.9.14-0+deb13u1
forky2.0.5-1
sid2.0.5-1

Open issues

BugbullseyebookwormtrixieforkysidDescription
CVE-2026-33602vulnerablevulnerablefixedfixedfixedA rogue backend can send a crafted UDP response with a query ID off by ...
CVE-2026-33599vulnerablevulnerablefixedfixedfixedA rogue backend can send a crafted SVCB response to a Discovery of Des ...
CVE-2026-33598vulnerablevulnerablefixedfixedfixedA cached crafted response can cause an out-of-bounds read if custom Lu ...
CVE-2026-33597vulnerablevulnerablefixedfixedfixedPRSD detection denial of service
CVE-2026-33596vulnerablevulnerablefixedfixedfixedA client might theoretically be able to cause a mismatch between queri ...
CVE-2026-33595vulnerablevulnerablefixedfixedfixedA client can trigger excessive memory allocation by generating a lot o ...
CVE-2026-33594vulnerablevulnerablefixedfixedfixedA client can trigger excessive memory allocation by generating a lot o ...
CVE-2026-33593vulnerablevulnerablefixedfixedfixedA client can trigger a divide by zero error leading to crash by sendin ...
CVE-2026-33260vulnerablevulnerablefixedfixedfixedAn attacker can send a web request that causes unlimited memory alloca ...
CVE-2026-33257vulnerablevulnerablefixedfixedfixedAn attacker can send a web request that causes unlimited memory alloca ...
CVE-2026-33254vulnerablevulnerablefixedfixedfixedAn attacker can create a large number of concurrent DoQ or DoH3 connec ...
CVE-2026-27854vulnerablevulnerablefixedfixedfixedAn attacker might be able to trigger a use-after-free by sending craft ...
CVE-2026-27853vulnerablevulnerablefixedfixedfixedAn attacker might be able to trigger an out-of-bounds write by sending ...
CVE-2026-24030vulnerablevulnerablefixedfixedfixedAn attacker might be able to trick DNSdist into allocating too much me ...
CVE-2026-24029vulnerablevulnerablefixedfixedfixedWhen the early_acl_drop (earlyACLDrop in Lua) option is disabled (defa ...
CVE-2026-24028vulnerablevulnerablefixedfixedfixedAn attacker might be able to trigger an out-of-bounds read by sending ...
CVE-2026-0397vulnerablevulnerablefixedfixedfixedWhen the internal webserver is enabled (default is disabled), an attac ...
CVE-2026-0396vulnerablevulnerablefixedfixedfixedAn attacker might be able to inject HTML content into the internal web ...
CVE-2025-30193vulnerablevulnerablefixedfixedfixedIn some circumstances, when DNSdist is configured to allow an unlimite ...
CVE-2023-44487vulnerable (no DSA)vulnerablefixedfixedfixedThe HTTP/2 protocol allows a denial of service (server resource consum ...

Resolved issues

BugDescription
CVE-2025-30194When DNSdist is configured to provide DoH via the nghttp2 provider, an ...
CVE-2025-30187In some circumstances, when DNSdist is configured to use the nghttp2 l ...
CVE-2024-25581When incoming DNS over HTTPS support is enabled using the nghttp2 prov ...
CVE-2018-14663An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a re ...
CVE-2017-7557dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechan ...
CVE-2016-7069An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT r ...

Security announcements

DSA / DLADescription
DSA-6235-1dnsdist - security update
Search for package or bug name: Reporting problems