PowerDNS DNSdist Outgoing DoH Excessive Memory Allocation Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in PowerDNS DNSdist versions 1.9.12 and prior to 2.0.4. This issue allows a client to cause excessive memory allocation by sending a large number of queries to an overloaded DoH backend. The accumulated queries create a buffer that remains filled until the connection is closed. This vulnerability can lead to resource exhaustion and potential service disruption.

Impact

Exploitation of this vulnerability causes unlimited memory allocation, leading to a denial-of-service condition where the service becomes unresponsive or unavailable.

Remediation

Users can upgrade to PowerDNS DNSdist versions 1.9.13 or 2.0.4, where this vulnerability has been fixed. Alternatively, outgoing DoH can be disabled to mitigate the issue.
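To apply the mitigation, an operator first needs to know which backends use outgoing DoH. The following is an added example, not code from the advisory or from PowerDNS: it lists the backends in a Lua-format dnsdist configuration whose `newServer()` call sets `dohPath`, the parameter dnsdist uses to enable outgoing DoH (a detail not stated on this page). The sample configuration is constructed, YAML-format configurations are not covered, and the comment stripping assumes `--` never appears inside a quoted string.

```python
import re

# Constructed sample dnsdist Lua configuration (not taken from the advisory).
SAMPLE_CONF = '''
newServer({address="192.0.2.10:53", name="plain"})
-- outgoing DoH backend: dohPath is set
newServer({
  address="192.0.2.20:443", tls="openssl",
  subjectName="doh.example.net", dohPath="/dns-query"
})
-- newServer({address="192.0.2.30:443", tls="openssl", dohPath="/old"})
newServer({address="192.0.2.40:853", tls="openssl", subjectName="dot.example.net"})
'''

def strip_comments(text):
    """Drop Lua block comments and '--' line comments (assumes no '--' in strings)."""
    return re.sub(r"--\[\[.*?\]\]|--[^\n]*", "", text, flags=re.S)

def server_calls(text):
    """Yield the argument text of each newServer(...) call, balancing parentheses."""
    for m in re.finditer(r"\bnewServer\s*\(", text):
        depth, quote, start = 1, None, m.end()
        for i in range(start, len(text)):
            ch = text[i]
            if quote:
                if ch == quote:
                    quote = None
            elif ch in "\"'":
                quote = ch
            elif ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    yield text[start:i]
                    break

def outgoing_doh_backends(conf):
    """Return the addresses of backends whose newServer() table sets dohPath."""
    found = []
    for args in server_calls(strip_comments(conf)):
        if re.search(r"\bdohPath\s*=", args):
            addr = re.search(r"\baddress\s*=\s*[\"']([^\"']+)[\"']", args)
            found.append(addr.group(1) if addr else "<address not found>")
    return found

if __name__ == "__main__":
    print(outgoing_doh_backends(SAMPLE_CONF))
```

Backends it reports are the ones to reconfigure or remove if upgrading to a fixed version is not yet possible.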

Added: Apr 22, 2026, 2:31 PM
Updated: Apr 22, 2026, 2:31 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 7.2
remediation: 7.9
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.