Search for packages
| purl | pkg:deb/debian/dnsdist@1.7.3-2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-c4d1-jsqh-hban
Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013 |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
Affected by 0 other vulnerabilities. |
|
VCID-y7uc-njvq-bbcj
Aliases: CVE-2025-30193 |
In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.10 version. A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting. We would like to thank Renaud Allard for bringing this issue to our attention. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-04T19:12:45.482727+00:00 | Debian Importer | Affected by | VCID-c4d1-jsqh-hban | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
| 2025-07-03T17:12:57.912960+00:00 | Debian Importer | Affected by | VCID-y7uc-njvq-bbcj | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
| 2025-07-01T16:29:17.313817+00:00 | Debian Importer | Affected by | VCID-c4d1-jsqh-hban | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-07-01T15:53:46.322145+00:00 | Debian Importer | Affected by | VCID-y7uc-njvq-bbcj | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |