Search CVE reports
11 – 20 of 52 results
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
3 affected packages
dnsdist, pdns, pdns-recursor
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dnsdist | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pdns | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pdns-recursor | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular...
1 affected package
nsd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nsd | Fixed | Not affected | Not affected | Not affected | Not affected |
Some fixes available 5 of 6
NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111...
1 affected package
nsd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nsd | Fixed | Fixed | Fixed | Fixed | Fixed |
Some fixes available 1 of 2
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the...
1 affected package
nsd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nsd | Fixed | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 2
If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used...
1 affected package
nsd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nsd | Fixed | Not affected | Not affected | Not affected | Not affected |
A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.
1 affected package
dnsdist
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dnsdist | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default.
1 affected package
dnsdist
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dnsdist | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.
1 affected package
dnsdist
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dnsdist | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
PRSD detection denial of service
1 affected package
dnsdist
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dnsdist | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.
1 affected package
dnsdist
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dnsdist | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |