Home

Description

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources.

PUBLISHED Reserved 2025-03-18 | Published 2025-09-18 | Updated 2025-09-18 | Assigner OX




LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

Product status

Default status
unaffected

1.9.0 (semver) before 1.9.11
affected

2.0.0 (semver) before 2.0.1
affected

References

www.dnsdist.org/...owerdns-advisory-for-dnsdist-2025-05.html

cve.org (CVE-2025-30187)

nvd.nist.gov (CVE-2025-30187)

Download JSON