CVE-2025-30193 (GCVE-0-2025-30193)

Vulnerability from cvelistv5 – Published: 2025-05-20 11:17 – Updated: 2025-05-20 13:16
VLAI?
Summary
In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.10 version. A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting. We would like to thank Renaud Allard for bringing this issue to our attention.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
Assigner
OX
References
Impacted products
Vendor Product Version
PowerDNS DNSdist Unaffected: 1.9.10 (semver)
Create a notification for this product.
Credits
Renaud Allard
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30193",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T13:16:06.361581Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T13:16:34.707Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.powerdns.com/",
          "defaultStatus": "affected",
          "modules": [
            "DNS over TCP"
          ],
          "packageName": "dnsdist",
          "product": "DNSdist",
          "programFiles": [
            "dnsdist-tcp.cc"
          ],
          "repo": "https://github.com/PowerDNS/pdns",
          "vendor": "PowerDNS",
          "versions": [
            {
              "status": "unaffected",
              "version": "1.9.10",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Renaud Allard"
        }
      ],
      "datePublic": "2025-05-20T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service.\u003cbr\u003e\u003cbr\u003eThe remedy is: upgrade to the patched 1.9.10 version.\u003cbr\u003e\u003cbr\u003eA workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting.\u003cbr\u003e\u003cbr\u003eWe would like to thank Renaud Allard for bringing this issue to our attention.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service.\n\nThe remedy is: upgrade to the patched 1.9.10 version.\n\nA workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting.\n\nWe would like to thank Renaud Allard for bringing this issue to our attention."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-20T11:17:17.378Z",
        "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "shortName": "OX"
      },
      "references": [
        {
          "url": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html"
        }
      ],
      "source": {
        "advisory": "PowerDNS Security Advisory 2025-03",
        "discovery": "EXTERNAL"
      },
      "title": "Denial of service via crafted TCP exchange",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
    "assignerShortName": "OX",
    "cveId": "CVE-2025-30193",
    "datePublished": "2025-05-20T11:17:17.378Z",
    "dateReserved": "2025-03-18T08:39:46.884Z",
    "dateUpdated": "2025-05-20T13:16:34.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-30193\",\"sourceIdentifier\":\"security@open-xchange.com\",\"published\":\"2025-05-20T12:15:19.697\",\"lastModified\":\"2025-05-21T20:25:16.407\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service.\\n\\nThe remedy is: upgrade to the patched 1.9.10 version.\\n\\nA workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting.\\n\\nWe would like to thank Renaud Allard for bringing this issue to our attention.\"},{\"lang\":\"es\",\"value\":\"En algunas circunstancias, cuando DNSdist est\u00e1 configurado para permitir un n\u00famero ilimitado de consultas en una \u00fanica conexi\u00f3n TCP entrante desde un cliente, un atacante puede provocar una denegaci\u00f3n de servicio manipulando un intercambio TCP que provoca el agotamiento de la pila y un bloqueo de DNSdist, lo que provoca una denegaci\u00f3n de servicio. La soluci\u00f3n es actualizar a la versi\u00f3n 1.9.10 con el parche. Una alternativa consiste en restringir el n\u00famero m\u00e1ximo de consultas en las conexiones TCP entrantes a un valor seguro, como 50, mediante la configuraci\u00f3n setMaxTCPQueriesPerConnection. Agradecemos a Renaud Allard por informarnos sobre este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@open-xchange.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@open-xchange.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"references\":[{\"url\":\"https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html\",\"source\":\"security@open-xchange.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-30193\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-20T13:16:06.361581Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-20T13:16:25.553Z\"}}], \"cna\": {\"title\": \"Denial of service via crafted TCP exchange\", \"source\": {\"advisory\": \"PowerDNS Security Advisory 2025-03\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Renaud Allard\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/PowerDNS/pdns\", \"vendor\": \"PowerDNS\", \"modules\": [\"DNS over TCP\"], \"product\": \"DNSdist\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.9.10\", \"versionType\": \"semver\"}], \"packageName\": \"dnsdist\", \"programFiles\": [\"dnsdist-tcp.cc\"], \"collectionURL\": \"https://repo.powerdns.com/\", \"defaultStatus\": \"affected\"}], \"datePublic\": \"2025-05-20T11:00:00.000Z\", \"references\": [{\"url\": \"https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service.\\n\\nThe remedy is: upgrade to the patched 1.9.10 version.\\n\\nA workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting.\\n\\nWe would like to thank Renaud Allard for bringing this issue to our attention.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service.\u003cbr\u003e\u003cbr\u003eThe remedy is: upgrade to the patched 1.9.10 version.\u003cbr\u003e\u003cbr\u003eA workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting.\u003cbr\u003e\u003cbr\u003eWe would like to thank Renaud Allard for bringing this issue to our attention.\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-674\", \"description\": \"CWE-674 Uncontrolled Recursion\"}]}], \"providerMetadata\": {\"orgId\": \"8ce71d90-2354-404b-a86e-bec2cc4e6981\", \"shortName\": \"OX\", \"dateUpdated\": \"2025-05-20T11:17:17.378Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-30193\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-20T13:16:34.707Z\", \"dateReserved\": \"2025-03-18T08:39:46.884Z\", \"assignerOrgId\": \"8ce71d90-2354-404b-a86e-bec2cc4e6981\", \"datePublished\": \"2025-05-20T11:17:17.378Z\", \"assignerShortName\": \"OX\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.