Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
6DescriptionCVE.org
A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection.
AnalysisAI
dnsdist can be forced into excessive memory allocation when a client generates high volumes of DNS queries routed to an overloaded DNS-over-HTTPS (DoH) backend, causing queries to accumulate in an unbounded buffer that persists until connection closure. This denial-of-service condition affects dnsdist deployments with DoH backends under load, allowing unauthenticated remote attackers to exhaust server memory with sustained query traffic.
Technical ContextAI
dnsdist is a DNS load balancer and distributor that forwards DNS queries to backend resolvers, including DNS-over-HTTPS (DoH) endpoints. The vulnerability resides in the DoH backend routing logic, where incoming client queries are buffered while awaiting responses from the overloaded DoH server. The root cause is improper memory management: when the DoH backend becomes saturated, query buffers are not released incrementally but instead accumulate until the client connection terminates. This violates the principle of bounded resource allocation in network services. The issue is exacerbated when clients maintain persistent connections and repeat queries; each query adds to an unbounded accumulator rather than being discarded or rate-limited. CWE classification is not provided by the vendor, but this pattern aligns with CWE-400 (Uncontrolled Resource Consumption) or CWE-770 (Allocation of Resources Without Limits or Throttling).
RemediationAI
Apply the patched version of dnsdist released by PowerDNS in response to advisory 2026-04, available at https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html. The patch implements bounded buffer allocation and query discarding for overloaded DoH backends. Until patching is feasible, implement rate-limiting on inbound DNS queries using dnsdist's query rate-limiting rules to cap queries from individual clients or subnets, reducing buffer accumulation. Additionally, configure backend health checks and failover to alternative DoH servers to prevent sustained overload conditions. Monitor memory usage on dnsdist instances with DoH backends and set alerts to trigger on sustained memory growth above baseline; consider implementing memory limits via operating system controls (cgroups, ulimit) as a fail-safe. These mitigations reduce attack impact but do not eliminate the root cause and should be treated as temporary measures pending patch deployment.
Same technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Proxy LTS 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Retail Branch Server LTS 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Manager Server LTS 4.3 | Fixed |
| SUSE CaaS Platform 4.0 | Fixed |
| SUSE Enterprise Storage 7.1 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24931