CVE-2026-24030Memory Allocation with Excessive Size Value in Dnsdist

CWE-789Memory Allocation with Excessive Size Value8 documents7 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 96.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Powerdns Dnsdist
Timeline
PublishedMar 31

Description

An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly closed, but in some cases the system might enter an out-of-memory state instead and terminate the process.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5powerdns/dnsdist1.9.01.9.12+1
Debianpowerdns/dnsdist< 2.0.3-1

🔴Vulnerability Details

3
GHSA
GHSA-v2vv-6q75-rvc9: An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a2026-03-31
OSV
CVE-2026-24030: An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a2026-03-31
CVEList
Unbounded memory allocation for DoQ and DoH32026-03-31

📋Vendor Advisories

1
Debian
CVE-2026-24030: dnsdist - An attacker might be able to trick DNSdist into allocating too much memory while...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-24030 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

2
Bugzilla
CVE-2026-24030 dnsdist: DNSdist: Denial of Service via excessive memory allocation from DNS over QUIC or HTTP/3 payloads [epel-all]2026-03-31
Bugzilla
CVE-2026-24030 dnsdist: DNSdist: Denial of Service via excessive memory allocation from DNS over QUIC or HTTP/3 payloads [fedora-all]2026-03-31
CVE-2026-24030 — Powerdns Dnsdist vulnerability | cvebase