Home
MEDIUM: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LDefault status
unaffected
5.0.0 (semver) before 5.0.4
affected
4.9.0 (semver) before 4.9.14
affected
Default status
unaffected
1.9.0 (semver) before 1.9.13
affected
2.0.0 (semver) before 2.0.4
affected
Default status
unaffected
5.4.0 (semver) before 5.4.1
affected
5.3.0 (semver) before 5.3.6
affected
5.2.0 (semver) before 5.2.9
affected
Description
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
Problem types
Allocation of Resources Without Limits or Throttling
Product status
5.0.0 (semver) before 5.0.4
4.9.0 (semver) before 4.9.14
1.9.0 (semver) before 1.9.13
2.0.0 (semver) before 2.0.4
5.4.0 (semver) before 5.4.1
5.3.0 (semver) before 5.3.6
5.2.0 (semver) before 5.2.9
Credits
Cavid
References
docs.powerdns.com/...visories/powerdns-advisory-2026-05.html
www.dnsdist.org/...owerdns-advisory-for-dnsdist-2026-04.html
docs.powerdns.com/...powerdns-advisory-powerdns-2026-03.html