PT-2025-3350 · Technitium · Technitium Dns Server
Michael Wedl
·
Published
2025-02-03
·
Updated
2025-02-03
·
CVE-2024-56946
CVSS v3.1
5.3
Medium
| Vector | AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N |
Name of the Vulnerable Software and Affected Versions
Technitium DNS Server versions <= 13.2.2
Description
The issue allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads. This can lead to a denial of service in DNS-over-QUIC.
Recommendations
For Technitium DNS Server versions <= 13.2.2, update to a version higher than 13.2.2 to resolve the issue.
As a temporary workaround, consider restricting access to the DNS-over-QUIC functionality until a patch is available.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Technitium Dns Server