CVE-2025-30187Infinite Loop in Dnsdist

CWE-835Infinite Loop7 documents6 sources
Severity
3.7LOWNVD
EPSS
0.0%
top 98.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Powerdns Dnsdist
Timeline
PublishedSep 18
Latest updateFeb 12

Description

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages3 packages

CVEListV5powerdns/dnsdist1.9.01.9.11+1
Debianpowerdns/dnsdist< 1.9.10-1+deb13u1+1
Ubuntupowerdns/dnsdist< 1.9.10-1ubuntu0.1+2

🔴Vulnerability Details

4
OSV
dnsdist vulnerabilities2026-02-12
OSV
CVE-2025-30187: In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to2025-09-18
CVEList
Denial of service via crafted DoH exchange in PowerDNS DNSdist2025-09-18
GHSA
GHSA-2qmc-ch65-q9cm: In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to2025-09-18

📋Vendor Advisories

2
Ubuntu
DNSdist vulnerabilities2026-02-12
Debian
CVE-2025-30187: dnsdist - In some circumstances, when DNSdist is configured to use the nghttp2 library to ...2025
CVE-2025-30187 — Infinite Loop in Powerdns Dnsdist | cvebase