When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: OX
Published: 2024-05-13T11:49:24.500Z
Updated: 2024-08-01T23:44:09.662Z
Reserved: 2024-02-08T08:15:37.204Z
Link: CVE-2024-25581
Vulnrichment
Updated: 2024-08-01T23:44:09.662Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T15:05:29.707
Modified: 2024-06-10T18:15:27.650
Link: CVE-2024-25581
Redhat
No data.