CVE-2025-30194
Description
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can craft a DoH exchange that triggers an illegal memory access (double-free) and crashes DNSdist, causing a denial of service.
The remedy is: upgrade to the patched 1.9.9 version.
A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version.
We would like to thank Charles Howes for bringing this issue to our attention.
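A way to check which DoH listeners in a DNSdist configuration fall under the condition described above, as an added example that is not part of the advisory or of the PowerDNS code base. It assumes single-line `addDOHLocal()` calls, that the provider is chosen with the `library` option, and that a listener without that option runs on nghttp2 (the default in the 1.9 series when DNSdist is built with nghttp2); the sample configuration is constructed.

```python
import re

FIXED = (1, 9, 9)  # patched release named in the advisory

DOH_CALL = re.compile(r"addDOHLocal\s*\((.*)\)")
LIBRARY = re.compile(r"library\s*=\s*['\"]([A-Za-z0-9]+)['\"]")
QUOTED = re.compile(r"['\"]([^'\"]+)['\"]")

# Constructed sample dnsdist.conf; addresses and paths are placeholders.
SAMPLE_CONF = """
-- public DoH listener, provider not set explicitly
addDOHLocal('192.0.2.10:443', '/etc/dnsdist/cert.pem', '/etc/dnsdist/key.pem', '/dns-query')
addDOHLocal('192.0.2.11:443', '/etc/dnsdist/cert.pem', '/etc/dnsdist/key.pem', '/dns-query', {library='nghttp2'})
addDOHLocal("192.0.2.12:443", "/etc/dnsdist/cert.pem", "/etc/dnsdist/key.pem", "/dns-query", {library="h2o"})
-- addDOHLocal('192.0.2.13:443', '/etc/dnsdist/cert.pem', '/etc/dnsdist/key.pem')
addTLSLocal('192.0.2.10:853', '/etc/dnsdist/cert.pem', '/etc/dnsdist/key.pem')
"""

def version_tuple(text):
    """'1.9.8' -> (1, 9, 8); only the first three numeric fields are used."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])

def doh_listeners(conf):
    """Return (address, provider) for every active addDOHLocal() line."""
    found = []
    for line in conf.splitlines():
        code = line.split("--", 1)[0]  # drop Lua line comments
        call = DOH_CALL.search(code)
        if not call:
            continue
        args = call.group(1)
        addr = QUOTED.search(args)  # first quoted argument is the bind address
        lib = LIBRARY.search(args)
        # Assumption: no explicit library means nghttp2 is in use.
        provider = lib.group(1).lower() if lib else "nghttp2"
        found.append((addr.group(1) if addr else "?", provider))
    return found

def exposed(conf, version):
    """Listeners on nghttp2 while the running version is below 1.9.9."""
    if version_tuple(version) >= FIXED:
        return []
    return [addr for addr, prov in doh_listeners(conf) if prov == "nghttp2"]

if __name__ == "__main__":
    for addr in exposed(SAMPLE_CONF, "1.9.8"):
        print(f"{addr}: nghttp2 DoH listener on unpatched DNSdist, upgrade or switch to h2o")
```

The version string has to come from the running binary (for example `dnsdist --version`), since a package upgrade without a restart leaves the old process serving DoH.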
Related News
The PowerDNS team has issued a high-severity security advisory—CVE-2025-30194—regarding a newly discovered denial-of-service (DoS) vulnerability in DNSdist, the … (from "High-Severity DoS Vulnerability Found in PowerDNS DNSdist (CVE-2025-30194)", Daily CyberSecurity)
Posted by Remi Gacogne on Apr 29: Hi all, We released PowerDNS DNSdist 1.9.9 today, an emergency release fixing a security issue tracked as CVE-2025-30194 where a remote, unauthenticated attacker can cause a denial of service via a crafted DNS over HTTPS co…