Search CVE reports
1 – 9 of 9 results
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded...
1 affected package
dnsdist
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dnsdist | Not affected | Not affected | Not affected | Not affected |
Some fixes available 2 of 23
A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to...
5 affected packages
h2o, haproxy, lighttpd, varnish, dnsdist
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| haproxy | Not affected | Not affected | Not affected | Not affected |
| lighttpd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| varnish | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| dnsdist | Fixed | Not affected | Not affected | Not affected |
Some fixes available 2 of 4
In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an...
1 affected package
dnsdist
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dnsdist | Fixed | Fixed | Not affected | Not affected |
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial...
1 affected package
dnsdist
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dnsdist | Not affected | Not affected | Not affected | Not affected |
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a...
1 affected package
dnsdist
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dnsdist | Not affected | Not affected | Not affected | Not affected |
Some fixes available 32 of 46
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
14 affected packages
haproxy, tomcat10, tomcat9, trafficserver, h2o...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| haproxy | Not affected | Not affected | Not affected | Fixed |
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat9 | Not affected | Fixed | Fixed | Fixed |
| trafficserver | Not affected | Fixed | Fixed | Not affected |
| h2o | Not affected | Fixed | Fixed | Fixed |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| dotnet6 | Not in release | Fixed | Not in release | Not in release |
| dotnet7 | Not in release | Fixed | Not in release | Not in release |
| dotnet8 | Fixed | Not affected | Not in release | Not in release |
| nginx | Not affected | Not affected | Not affected | Not affected |
| nghttp2 | Not affected | Fixed | Fixed | Fixed |
| nodejs | Not affected | Fixed | Fixed | Fixed |
| netty | Not affected | Fixed | Fixed | Not affected |
| dnsdist | Not affected | Vulnerable | Not affected | Not affected |
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet,...
1 affected package
dnsdist
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dnsdist | Not affected | Not affected | Not affected | Vulnerable |
An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT...
1 affected package
dnsdist
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dnsdist | Not affected | Not affected | Not affected | Not affected |
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
1 affected package
dnsdist
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dnsdist | Not affected | Not affected | Not affected | Not affected |