PowerDNS DNSdist Denial-of-Service Vulnerability via DoQ or DoH3 Connections

Vulnerability

A denial-of-service vulnerability has been identified in PowerDNS DNSdist versions through 2.0.3 and 1.9.12. The issue arises when an attacker creates a large number of concurrent DoQ or DoH3 connections, leading to unbounded memory allocation and causing the application to become unresponsive. DoQ and DoH3 are disabled by default, so only deployments that have enabled one of these protocols are exposed.

Impact

Exploitation of this vulnerability causes excessive memory usage, leading to a denial-of-service condition where the application becomes unresponsive.

Remediation

Users can upgrade to PowerDNS DNSdist versions 1.9.13 or 2.0.4, where this vulnerability has been patched. Alternatively, DoQ and DoH3 can be disabled.
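
A defender-side check for the remediation above, as an added example that is not part of the original advisory or PowerDNS's own code: it compares a version string against the fixed releases and scans a dnsdist Lua configuration for the `addDOQLocal` and `addDOH3Local` listener directives. The sample version string, addresses and file paths are constructed, the handling of branches other than 1.9 and 2.0 is an assumption, and YAML configurations are not covered.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(1, 9): (1, 9, 13), (2, 0): (2, 0, 4)}
# dnsdist Lua directives that open a DoQ or DoH3 listener.
LISTENER_RE = re.compile(r"\b(addDOQLocal|addDOH3Local)\s*\(")

# Constructed sample configuration (addresses and paths are placeholders).
SAMPLE_CONFIG = """
addLocal("192.0.2.53:53")
-- addDOH3Local("192.0.2.53:443", "/etc/dnsdist/cert.pem", "/etc/dnsdist/key.pem")
addDOQLocal("192.0.2.53:853", "/etc/dnsdist/cert.pem", "/etc/dnsdist/key.pem")
"""


def parse_version(text):
    """Extract (major, minor, patch) from a string such as 'dnsdist 1.9.12'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def is_vulnerable_version(version):
    """True if the version predates the fix for its branch."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Assumption: anything older than 1.9.13 is unfixed, anything newer than 2.0 is fixed.
        return version < (1, 9, 13)
    return version < fixed


def enabled_listeners(lua_config):
    """Return the DoQ/DoH3 directives that are active (Lua comments ignored)."""
    text = re.sub(r"--\[\[.*?\]\]", "", lua_config, flags=re.S)  # block comments
    text = re.sub(r"--.*", "", text)  # line comments
    return sorted(set(LISTENER_RE.findall(text)))


def assess(version_text, lua_config):
    """Combine both checks: exposed means unfixed version AND a DoQ/DoH3 listener."""
    version = parse_version(version_text)
    listeners = enabled_listeners(lua_config)
    vulnerable = is_vulnerable_version(version)
    return {"version": version, "vulnerable_version": vulnerable,
            "listeners": listeners, "exposed": vulnerable and bool(listeners)}


if __name__ == "__main__":
    print(assess("dnsdist 1.9.12", SAMPLE_CONFIG))
```

The comment stripping is a simple text pass, so a `--` inside a Lua string literal would be treated as a comment; review any flagged or unflagged configuration by hand if it uses such strings.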

Added: Apr 22, 2026, 2:32 PM
Updated: Apr 22, 2026, 2:32 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 2.5
exploitability: 8.3
remediation: 7.9
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.