
CVE-2024-25581

Transfer requests received over DoH can lead to a denial of service in DNSdist

Severity Score: 7.5 (CVSS v3.1)

Exploit Likelihood (EPSS):

Affected Versions (CPE):

Public Exploits: 0 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: Attend (SSVC)
Descriptions

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default.


*Credits: Daniel Stirnimann from Switch
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: Attend
  • Exploitation: None
  • Automatable: Yes
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-08 CVE Reserved
  • 2024-05-13 CVE Published
  • 2024-05-14 EPSS Updated
  • 2024-08-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
  • CAPEC-212: Functionality Misuse
Affected Vendors, Products, and Versions
Vendor    Product  Version  Status
PowerDNS  DNSdist  1.9.0    Affected
PowerDNS  DNSdist  1.9.1    Affected
PowerDNS  DNSdist  1.9.2    Affected
PowerDNS  DNSdist  1.9.3    Affected