FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-10-10 08:58:57 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c2253bff-9952-11f0-b6e2-6805ca2fa271	dnsdist -- Denial of service via crafted DoH exchange security@open-xchange.com reports: In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources. The offending code was introduced in DNSdist 1.9.0-alpha1 so previous versions are not affected. Discovery 2025-09-18 Entry 2025-09-24 Modified 2025-09-26 dnsdist < 1.9.11 >= 2.0.0 lt 2.0.1 CVE-2025-30187 https://nvd.nist.gov/vuln/detail/CVE-2025-30187
f2d8342f-1134-11ef-8791-6805ca2fa271	dnsdist -- Transfer requests received over DoH can lead to a denial of service PowerDNS Security Advisory reports: When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default. Discovery 2024-05-13 Entry 2024-05-13 dnsdist < 1.9.4 CVE-2024-25581 https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html

VuXML ID

Description

c2253bff-9952-11f0-b6e2-6805ca2fa271

dnsdist -- Denial of service via crafted DoH exchange

security@open-xchange.com reports:

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources. The offending code was introduced in DNSdist 1.9.0-alpha1 so previous versions are not affected.

Discovery 2025-09-18
Entry 2025-09-24
Modified 2025-09-26
dnsdist

< 1.9.11

>= 2.0.0 lt 2.0.1

CVE-2025-30187
https://nvd.nist.gov/vuln/detail/CVE-2025-30187

f2d8342f-1134-11ef-8791-6805ca2fa271

dnsdist -- Transfer requests received over DoH can lead to a denial of service

PowerDNS Security Advisory reports:

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default.

Discovery 2024-05-13
Entry 2024-05-13
dnsdist

< 1.9.4

CVE-2024-25581
https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html