Home
LOW: 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NDefault status
unaffected
1.9.0 (semver) before 1.9.15
affected
2.0.0 (semver) before 2.0.7
affected
Description
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires.
Problem types
Improper Encoding or Escaping of Output
Product status
1.9.0 (semver) before 1.9.15
2.0.0 (semver) before 2.0.7
Credits
Haruki Oyama (Waseda University)
References
www.dnsdist.org/...owerdns-advisory-for-dnsdist-2026-09.html