Primary

Context

PowerDNS DNSdist PRSD Detection Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in PowerDNS DNSdist versions through 2.0.3 and 1.9.12. This issue arises from the PRSD detection algorithm, which can be disrupted by a crafted query containing an invalid DNS label. The vulnerability prevents the algorithm from executing properly, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by preventing the proper execution of the PRSD detection algorithm, which is used in certain blocking rules.

Remediation

Users can upgrade to PowerDNS DNSdist versions 1.9.13 or 2.0.4, where this vulnerability has been patched. Alternatively, the issue can be mitigated by making the internal web server only accessible to trusted clients.

Added: Apr 22, 2026, 2:28 PM

Updated: Apr 22, 2026, 2:28 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

7.6

remediation

7.9

relevance

6.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

7.6

remediation

7.9

relevance

6.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PowerDNS DNSdist PRSD Detection Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

PowerDNS DNSdist

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating