Michael Wedl

**Name of the Vulnerable Software and Affected Versions** Technitium DNS Server versions <= 13.2.2 **Description** The issue allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads. This can lead to a denial of service in DNS-over-QUIC. **Recommendations** For Technitium DNS Server versions <= 13.2.2, update to a version higher than 13.2.2 to resolve the issue. As a temporary workaround, consider restricting access to the DNS-over-QUIC functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** HAProxy versions 2.9.x through 2.9.10 HAProxy versions 3.0.x through 3.0.4 HAProxy versions 3.1.x through 3.1-dev6 **Description** The issue allows an attacker to open a 0-RTT session with a spoofed IP address, bypassing the IP allow/block list functionality. This can be exploited by a remote attacker to bypass authentication. The vulnerability is related to the QUIC protocol in HAProxy. **Recommendations** For HAProxy versions 2.9.x through 2.9.10, update to version 2.9.11 to resolve the issue. For HAProxy versions 3.0.x through 3.0.4, update to version 3.0.5 to resolve the issue. For HAProxy versions 3.1.x through 3.1-dev6, update to version 3.1-dev7 or later to resolve the issue. As a temporary workaround, consider restricting access to the QUIC protocol until a patch is available.