PT-2025-18142 · Dnsdist+1
Charles Howes · Published 2025-04-29 · Updated 2025-05-29
CVE-2025-30194
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
DNSdist versions prior to 1.9.9
Description
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can craft a DoH exchange that triggers an illegal memory access (double-free) and crashes DNSdist, causing a denial of service.
Recommendations
To resolve the issue, upgrade to the patched 1.9.9 version.
As a temporary workaround, consider switching to the h2o provider until DNSdist has been upgraded to a fixed version.
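One way to check a host against this advisory, as an added example that is not part of the original advisory or of DNSdist's own tooling: the script flags `addDOHLocal` listeners that use nghttp2 on a version before 1.9.9. It assumes one `addDOHLocal` call per line, that the provider is selected with the `library` option, and that nghttp2 is the provider when the option is absent; the sample configuration is constructed.

```python
import re

FIXED = (1, 9, 9)  # first fixed release, per the advisory
# Assumption: each addDOHLocal(...) call sits on a single line.
DOH_CALL = re.compile(r"^\s*addDOHLocal\s*\((.*)\)\s*$")
LIBRARY = re.compile(r"library\s*=\s*['\"](\w+)['\"]")


def parse_version(text):
    """Extract (major, minor, patch) from text such as 'dnsdist 1.9.8'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version found in %r" % text)
    return tuple(int(x) for x in m.groups())


def exposed_listeners(config_text, default_library="nghttp2"):
    """Return line numbers of DoH listeners served by the nghttp2 provider.

    default_library is an assumption: the provider used when no
    library option is given. Adjust it to match your build.
    """
    hits = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        line = line.split("--", 1)[0]  # drop Lua line comments
        m = DOH_CALL.match(line)
        if not m:
            continue
        lib = LIBRARY.search(m.group(1))
        provider = lib.group(1).lower() if lib else default_library
        if provider == "nghttp2":
            hits.append(lineno)
    return hits


def audit(version_text, config_text):
    """Affected only when version < 1.9.9 AND a DoH listener uses nghttp2."""
    if parse_version(version_text) >= FIXED:
        return []
    return exposed_listeners(config_text)


# Constructed sample configuration (addresses and paths are placeholders).
SAMPLE_CONF = """\
addLocal('192.0.2.10:53')
addDOHLocal('192.0.2.10:443', '/etc/ssl/doh.pem', '/etc/ssl/doh.key', '/dns-query')
addDOHLocal('192.0.2.11:443', '/etc/ssl/doh.pem', '/etc/ssl/doh.key', '/dns-query', {library='h2o'})
-- addDOHLocal('192.0.2.12:443', '/etc/ssl/doh.pem', '/etc/ssl/doh.key')
"""
```

An empty result means either the version is already 1.9.9 or later, or no active DoH listener uses nghttp2; any listed line is a listener to upgrade or move to h2o.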
Fix
DoS
Use After Free
Affected Products
Dnsdist
Suse