#VU109600 Resource exhaustion in dnsdist - CVE-2025-30193

Cybersecurity Help s.r.o.

Published: 2025-05-21

Vulnerability identifier: #VU109600

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30193

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
dnsdist
Server applications / Other server solutions

Vendor: PowerDNS.COM B.V.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of incoming TCP connections from the client. A remote attacker can initiate a crafted TCP exchange and perform a denial of service (DoS) attack through stack exhaustion.

Mitigation
Install update from vendor's website.

Vulnerable software versions

dnsdist: 1.0.0 - 1.9.9

External links
https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for dnsdist

Fedora EPEL 9 update for dnsdist

Fedora 41 update for dnsdist

Fedora 42 update for dnsdist

Remote denial of service in PowerDNS DNSdist