FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-04-21 15:18:23 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c2253bff-9952-11f0-b6e2-6805ca2fa271	dnsdist -- Denial of service via crafted DoH exchange security@open-xchange.com reports: In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources. The offending code was introduced in DNSdist 1.9.0-alpha1 so previous versions are not affected. Discovery 2025-09-18 Entry 2025-09-24 Modified 2025-09-26 dnsdist < 1.9.11 >= 2.0.0 lt 2.0.1 CVE-2025-30187 https://nvd.nist.gov/vuln/detail/CVE-2025-30187
431c2753-3503-11f1-bc6d-3c7c3fba4204	DNSdist -- vulnerabilities https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html reports: CVE-2026-0396: HTML injection in the web dashboard CVE-2026-0397: Information disclosure via CORS misconfiguration CVE-2026-24028: Out-of-bounds read when parsing DNS packets via Lua CVE-2026-24029: DNS over HTTPS ACL bypass CVE-2026-24030: Unbounded memory allocation for DoQ and DoH3 CVE-2026-27853: Out-of-bounds write when rewriting large DNS packets CVE-2026-27854: Use after free when parsing EDNS options in Lua Discovery 2026-03-31 Entry 2026-04-10 dnsdist < 2.0.3 CVE-2026-0396 CVE-2026-0397 CVE-2026-24028 CVE-2026-24029 CVE-2026-24030 CVE-2026-27853 CVE-2026-27854 https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html

VuXML ID

Description

c2253bff-9952-11f0-b6e2-6805ca2fa271

dnsdist -- Denial of service via crafted DoH exchange

security@open-xchange.com reports:

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources. The offending code was introduced in DNSdist 1.9.0-alpha1 so previous versions are not affected.

Discovery 2025-09-18
Entry 2025-09-24
Modified 2025-09-26
dnsdist

< 1.9.11

>= 2.0.0 lt 2.0.1

CVE-2025-30187
https://nvd.nist.gov/vuln/detail/CVE-2025-30187

431c2753-3503-11f1-bc6d-3c7c3fba4204

DNSdist -- vulnerabilities

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html reports:

CVE-2026-0396: HTML injection in the web dashboard

CVE-2026-0397: Information disclosure via CORS misconfiguration

CVE-2026-24028: Out-of-bounds read when parsing DNS packets via Lua

CVE-2026-24029: DNS over HTTPS ACL bypass

CVE-2026-24030: Unbounded memory allocation for DoQ and DoH3

CVE-2026-27853: Out-of-bounds write when rewriting large DNS packets

CVE-2026-27854: Use after free when parsing EDNS options in Lua

Discovery 2026-03-31
Entry 2026-04-10
dnsdist

< 2.0.3

CVE-2026-0396
CVE-2026-0397
CVE-2026-24028
CVE-2026-24029
CVE-2026-24030
CVE-2026-27853
CVE-2026-27854
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html