Dnsdist · Dnsdist · CVE-2025-30193
**Name of the Vulnerable Software and Affected Versions**
DNSdist versions prior to 1.9.10
**Description**
In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service.
**Recommendations**
Upgrade to the patched 1.9.10 version.
As a temporary workaround, consider restricting the maximum number of queries on incoming TCP connections to a safe value, like 50, via the `setMaxTCPQueriesPerConnection` setting.