CVE-2025-30193
- Source
- https://cve.org/CVERecord?id=CVE-2025-30193
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30193.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-30193
- Downstream
- Related
- Published
- 2025-05-20T12:15:19Z
- Modified
- 2026-02-04T03:35:40.451032Z
- Summary
- [none]
- Details
-
In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service.
The remedy is: upgrade to the patched 1.9.10 version.
A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting.
We would like to thank Renaud Allard for bringing this issue to our attention.
- References