CVE-2025-30193

HIGH 7.5

Our Analysis: General-Purpose

Our model has classified this vulnerability as relevant to General-Purpose Systems, helping your team prioritize efforts effectively.

Published Date May 20, 2025

Last Modified May 21, 2025

CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service.

The remedy is: upgrade to the patched 1.9.10 version.

A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting.

We would like to thank Renaud Allard for bringing this issue to our attention.