Package details: pkg:deb/debian/dnsdist@1.9.10-1
purl pkg:deb/debian/dnsdist@1.9.10-1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-c4d1-jsqh-hban | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | CVE-2023-44487, GHSA-qppj-fm5r-hxr3, VSV00013 |
| VCID-y7uc-njvq-bbcj | In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.10 version. A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting. We would like to thank Renaud Allard for bringing this issue to our attention. | CVE-2025-30193 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-04T19:12:45.484936+00:00 | Debian Importer | Fixing | VCID-c4d1-jsqh-hban | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
| 2025-07-03T17:12:57.915118+00:00 | Debian Importer | Fixing | VCID-y7uc-njvq-bbcj | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
| 2025-07-01T16:29:17.316977+00:00 | Debian Importer | Fixing | VCID-c4d1-jsqh-hban | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-07-01T15:53:46.325111+00:00 | Debian Importer | Fixing | VCID-y7uc-njvq-bbcj | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |