PowerDNS DNSdist Denial-of-Service Vulnerability via Uncontrolled Memory Allocation in Internal Web Server

Vulnerability

A denial-of-service vulnerability has been identified in PowerDNS DNSdist versions up to and including 1.9.12 and 2.0.3. The issue lies in the internal web server, which is disabled by default: an attacker can send it crafted HTTP requests that cause unlimited memory allocation. The resulting memory use can crash the service.

Impact

Exploitation of this vulnerability causes excessive memory consumption, leading to a denial-of-service condition where the service becomes unresponsive or unavailable.

Remediation

Users can upgrade to PowerDNS DNSdist versions 1.9.13 or 2.0.4, where this vulnerability has been patched. Alternatively, the internal web server can be disabled or restricted to trusted clients.
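
The version range and the web server restriction described above can be checked mechanically. The following is an added example, not code from PowerDNS or from this advisory. It assumes a Lua-style configuration that uses dnsdist's `webserver()` and `setWebserverConfig()` directives, treats branches older than 1.9 as affected, and runs on a constructed sample configuration.

```python
import ipaddress
import re

# First fixed release per branch, taken from the advisory text.
FIXED = {(1, 9): (1, 9, 13), (2, 0): (2, 0, 4)}

def is_affected(version):
    """True if a dnsdist version string falls in the range the advisory names."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    v = tuple(int(p) for p in m.groups())
    # Assumption: branches older than 1.9 are compared against 1.9.13.
    return v < FIXED.get(v[:2], FIXED[(1, 9)])

def _non_loopback(entries):
    """Return the entries that are not loopback addresses or networks."""
    out = []
    for entry in (e.strip() for e in entries if e.strip()):
        try:
            if not ipaddress.ip_network(entry, strict=False).is_loopback:
                out.append(entry)
        except ValueError:
            out.append(entry)  # hostname or malformed: needs a manual look
    return out

def audit_lua_config(text):
    """Report web server exposure found in a Lua-style dnsdist configuration."""
    listen, acl = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("--"):  # Lua comment, directive is inactive
            continue
        m = re.match(r'webserver\(\s*["\']([^"\']+)["\']', line)
        if m:  # keep the host part of "host:port", unwrap "[v6]"
            listen.append(m.group(1).rsplit(":", 1)[0].strip("[]"))
        if line.startswith("setWebserverConfig"):
            m = re.search(r'acl\s*=\s*["\']([^"\']*)["\']', line)
            if m:
                acl.extend(m.group(1).split(","))
    return {"enabled": bool(listen),
            "listen_non_loopback": _non_loopback(listen),
            "acl_non_loopback": _non_loopback(acl)}

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """
webserver("0.0.0.0:8083")
setWebserverConfig({password="x", apiKey="y", acl="127.0.0.1, ::1, 192.0.2.0/24"})
"""
print(is_affected("2.0.3"), audit_lua_config(SAMPLE))
```

Entries reported as non-loopback are not necessarily wrong; they are the ones to confirm as trusted clients.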

Added: Apr 22, 2026, 11:17 AM
Updated: Apr 22, 2026, 11:17 AM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 2.5
exploitability: 7.6
remediation: 7.9
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.