Dnsdist · Dnsdist · CVE-2025-30194
**Name of the Vulnerable Software and Affected Versions**
DNSdist versions prior to 1.9.9
**Description**
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can craft a DoH exchange that triggers an illegal memory access (double-free) and crashes DNSdist, causing a denial of service.
**Recommendations**
To resolve the issue, upgrade to the patched 1.9.9 version.
As a temporary workaround, consider switching to the h2o provider until DNSdist has been upgraded to a fixed version.
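
To find which listeners meet the two conditions above (a release older than 1.9.9 and a DoH frontend served by nghttp2), the following triage script can be run over a configuration file. It is an added example, not part of the advisory or the DNSdist project; it assumes the `library` option of `addDOHLocal()` selects the provider and that an omitted `library` means nghttp2, and the sample configuration is constructed.

```python
import re

FIXED = (1, 9, 9)  # first patched release, per the advisory

# Constructed sample config; addresses and paths are placeholders.
SAMPLE_CONF = '''
addDOHLocal("192.0.2.1:443", "/etc/ssl/c.pem", "/etc/ssl/k.pem", "/dns-query", {library="h2o"})
addDOHLocal("192.0.2.2:443", "/etc/ssl/c.pem", "/etc/ssl/k.pem", "/dns-query", {reusePort=true})
-- addDOHLocal("192.0.2.3:443", "/etc/ssl/c.pem", "/etc/ssl/k.pem")
addDOHLocal("192.0.2.4:443", "/etc/ssl/c.pem", "/etc/ssl/k.pem", "/dns-query", {library="nghttp2"})
'''

def parse_version(text):
    """Return (major, minor, patch) from text such as 'dnsdist 1.9.8 (Lua 5.4.6)'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no x.y.z version in %r" % text)
    return tuple(int(p) for p in m.groups())

def doh_frontends(conf):
    """Yield (listen_address, library) for every addDOHLocal() call in a Lua config."""
    conf = re.sub(r"--[^\n]*", "", conf)  # ignore commented-out lines
    for m in re.finditer(r"\baddDOHLocal\s*\(", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:  # walk to the matching ')'
            depth += {"(": 1, ")": -1}.get(conf[i], 0)
            i += 1
        args = conf[m.end():i - 1]
        addr = re.match(r"""\s*["']([^"']*)["']""", args)
        lib = re.search(r"""\blibrary\s*=\s*["'](\w+)["']""", args)
        # Assumption: an omitted 'library' means nghttp2 (treated as the default).
        yield (addr.group(1) if addr else "?", lib.group(1).lower() if lib else "nghttp2")

def exposed_frontends(version_text, conf):
    """Addresses of DoH listeners that match the advisory's conditions."""
    if parse_version(version_text) >= FIXED:
        return []
    return [addr for addr, lib in doh_frontends(conf) if lib == "nghttp2"]

if __name__ == "__main__":
    for addr in exposed_frontends("dnsdist 1.9.8", SAMPLE_CONF):
        print("DoH frontend on nghttp2, upgrade or switch provider:", addr)
```

Feed it the output of `dnsdist --version` and the contents of the running configuration; an empty result means either the release is already fixed or no DoH frontend uses nghttp2.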