VDB
DEBIAN-CVE-2025-30187
DEBIAN-CVE-2025-30187
PUBLISHED
CVSS 3.700000047683716 LOW
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources.
Risk Scores
CVSS 3.1
3.700000047683716
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | dnsdist | *, 2.0.0, 2.0.0 |
| Debian:13 | dnsdist | 1.9.10-1, 0, 1.9.10-1 |
Timeline
- Sep 18, 2025 CVE Published
- Apr 28, 2026 CVE Updated