An issue in Technitium DNS Server version 14.3 and earlier allows a of service by targeting the DnsServerApp.exe, DnsServerApp.dll, and TechnitiumLibrary.Net/Dns/DnsClient.cs components. The vulnerability can be triggered from outside the local network and leads to a crash or unresponsive state of the DNS service, potentially disrupting normal DNS resolution for clients that rely on that server. It does not provide code execution or data disclosure capabilities, but the interruption of DNS service can have serious availability consequences for organizations depending on it.

Technitium DNS Server v14.3 and all prior releases. The affected components are the DnsServerApp executable, its associated dynamic link library, and the DnsClient code in the TechnitiumLibrary.Net namespace. Administrators should verify that they are running any version of the software predating the fix, and consider upgrading if possible.

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, so at present the probability of exploitation is unknown. However, the CVSS score is not supplied in the public data, yet the nature of the flaw – a simple denial of service triggered remotely – indicates that an attacker who can reach the server could degrade or interrupt DNS traffic with minimal effort. There is no indication that special privileges or internal access are required, so any remote host that can contact the server may be able to trigger the exploit.