PowerDNS DNSdist Excessive Memory Allocation Vulnerability via DoQ and DoH3 Connections

Vulnerability

A vulnerability in PowerDNS DNSdist versions prior to 1.9.13 and 2.0.4 allows clients to cause excessive memory allocation by generating numerous error responses over a single DoQ or DoH3 connection. This issue arises because certain resources are not properly released until the connection ends, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes unlimited memory allocation, leading to a denial-of-service condition where the application may become unresponsive or crash.

Remediation

Users can upgrade to PowerDNS DNSdist version 1.9.13 or 2.0.4, or disable DoQ and DoH3, both of which are disabled by default.
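A triage check for the two conditions above, a release older than the fixed versions and a DoQ or DoH3 listener in the configuration, written as an added example that is not PowerDNS code or part of the original advisory. It assumes a Lua-style dnsdist configuration in which those listeners are opened with the addDOQLocal and addDOH3Local directives (names not given on this page). The helper function names and the sample configuration are constructed for illustration.

```python
import re

# Fixed releases named in the advisory above.
FIXED_1_9 = (1, 9, 13)
FIXED_2_0 = (2, 0, 4)

# Assumption: Lua directives that open DoQ and DoH3 listeners in dnsdist.
LISTENER_CALL = re.compile(r"\b(addDOQLocal|addDOH3Local)\s*\(")


def parse_version(text):
    """Return the first X.Y.Z found in text as a tuple of ints."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.groups())


def version_is_vulnerable(text):
    """True for releases before 1.9.13, and for 2.0.x before 2.0.4."""
    v = parse_version(text)
    return v < FIXED_1_9 or (2, 0, 0) <= v < FIXED_2_0


def enabled_listeners(lua_config):
    """List (line_no, directive) for listener calls outside Lua line comments.

    Multi-line --[[ ]] block comments are not handled by this sketch.
    """
    found = []
    for line_no, line in enumerate(lua_config.splitlines(), start=1):
        code = line.split("--", 1)[0]  # drop a whole-line or trailing comment
        for m in LISTENER_CALL.finditer(code):
            found.append((line_no, m.group(1)))
    return found


def exposed(version_text, lua_config):
    """Exposed only when a vulnerable release also has DoQ or DoH3 enabled."""
    return version_is_vulnerable(version_text) and bool(enabled_listeners(lua_config))


# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONFIG = """\
setLocal('192.0.2.53:53')
-- addDOQLocal('192.0.2.53:853', '/etc/dnsdist/cert.pem', '/etc/dnsdist/key.pem')
addDOH3Local('192.0.2.53:443', '/etc/dnsdist/cert.pem', '/etc/dnsdist/key.pem')
"""
```

The version comparison ignores pre-release suffixes, so a release candidate of a fixed version should be checked by hand.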

Added: Apr 22, 2026, 2:30 PM
Updated: Apr 22, 2026, 2:30 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 2.5
exploitability: 8.3
remediation: 7.9
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.