CVE-2025-30193: Uncontrolled Recursion in Dnsdist

Severity: 7.5 HIGH (NVD)
OSV: 3.7
EPSS: 0.2% (top 63.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 20
Latest update: Feb 12

Description

In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single incoming TCP connection from a client, an attacker can craft a TCP exchange that exhausts the stack and crashes DNSdist, causing a denial of service. The remedy is to upgrade to the patched 1.9.10 version. A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPer

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Debian: powerdns/dnsdist < 1.9.10-1 (+1)
Ubuntu: powerdns/dnsdist < 1.9.10-1ubuntu0.1 (+2)

🔴 Vulnerability Details (4)

OSV: dnsdist vulnerabilities (2026-02-12)
OSV: CVE-2025-30193: In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attac (2025-05-20)
CVEList: Denial of service via crafted TCP exchange (2025-05-20)
GHSA: GHSA-4q3h-v92p-gchj: In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attac (2025-05-20)

📋 Vendor Advisories (2)

Ubuntu: DNSdist vulnerabilities (2026-02-12)
Debian: CVE-2025-30193: dnsdist - In some circumstances, when DNSdist is configured to allow an unlimited number o... (2025)