Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-33254 (GCVE-0-2026-33254)
Vulnerability from cvelistv5 – Published: 2026-04-22 13:45 – Updated: 2026-04-22 14:51
VLAI
EPSS
Title
Resource exhaustion via DoQ/DoH3 connections
Summary
An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Allocation of Resources Without Limits or Throttling
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
Impacted products
Date Public
2026-04-21 22:00
Credits
Salvor Labs - https://salvor.fr
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T14:51:24.341357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T14:51:51.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"DNS over QUIC",
"DNS over HTTP3"
],
"packageName": "dnsdist",
"product": "DNSdist",
"programFiles": [
"doh3.cc",
"doq.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "1.9.13",
"status": "affected",
"version": "1.9.0",
"versionType": "semver"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Salvor Labs - https://salvor.fr"
}
],
"datePublic": "2026-04-21T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.\u003c/p\u003e"
}
],
"value": "An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T13:45:07.069Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Resource exhaustion via DoQ/DoH3 connections",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2026-33254",
"datePublished": "2026-04-22T13:45:07.069Z",
"dateReserved": "2026-03-18T10:06:16.572Z",
"dateUpdated": "2026-04-22T14:51:51.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-33254",
"date": "2026-06-18",
"epss": "0.00371",
"percentile": "0.28781"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-33254\",\"sourceIdentifier\":\"security@open-xchange.com\",\"published\":\"2026-04-22T14:16:53.520\",\"lastModified\":\"2026-04-27T16:58:36.563\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@open-xchange.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.9.0\",\"versionEndExcluding\":\"1.9.13\",\"matchCriteriaId\":\"DCC2DF11-EC5C-4112-90F2-C266CB65D390\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.4\",\"matchCriteriaId\":\"29865EC6-C1A0-40F3-B0BB-7F71F9C1DCB7\"}]}]}],\"references\":[{\"url\":\"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html\",\"source\":\"security@open-xchange.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33254\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-22T14:51:24.341357Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-22T14:50:08.743Z\"}}], \"cna\": {\"title\": \"Resource exhaustion via DoQ/DoH3 connections\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Salvor Labs - https://salvor.fr\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/PowerDNS/pdns\", \"vendor\": \"PowerDNS\", \"modules\": [\"DNS over QUIC\", \"DNS over HTTP3\"], \"product\": \"DNSdist\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.9.0\", \"lessThan\": \"1.9.13\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.0.0\", \"lessThan\": \"2.0.4\", \"versionType\": \"semver\"}], \"packageName\": \"dnsdist\", \"programFiles\": [\"doh3.cc\", \"doq.cc\"], \"collectionURL\": \"https://repo.powerdns.com/\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-04-21T22:00:00.000Z\", \"references\": [{\"url\": \"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAn attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"8ce71d90-2354-404b-a86e-bec2cc4e6981\", \"shortName\": \"OX\", \"dateUpdated\": \"2026-04-22T13:45:07.069Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-33254\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-22T14:51:51.130Z\", \"dateReserved\": \"2026-03-18T10:06:16.572Z\", \"assignerOrgId\": \"8ce71d90-2354-404b-a86e-bec2cc4e6981\", \"datePublished\": \"2026-04-22T13:45:07.069Z\", \"assignerShortName\": \"OX\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-33254
Vulnerability from fkie_nvd - Published: 2026-04-22 14:16 - Updated: 2026-06-17 10:37
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.
References
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"DNS over QUIC",
"DNS over HTTP3"
],
"packageName": "dnsdist",
"product": "DNSdist",
"programFiles": [
"doh3.cc",
"doq.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "1.9.13",
"status": "affected",
"version": "1.9.0",
"versionType": "semver"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"source": "security@open-xchange.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC2DF11-EC5C-4112-90F2-C266CB65D390",
"versionEndExcluding": "1.9.13",
"versionStartIncluding": "1.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29865EC6-C1A0-40F3-B0BB-7F71F9C1DCB7",
"versionEndExcluding": "2.0.4",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default."
}
],
"id": "CVE-2026-33254",
"lastModified": "2026-06-17T10:37:12.113",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@open-xchange.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-33254",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T14:51:24.341357Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-04-22T14:16:53.520",
"references": [
{
"source": "security@open-xchange.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"
}
],
"sourceIdentifier": "security@open-xchange.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-WGV5-FPV8-M4JC
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-22 15:31
VLAI
Details
An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.
Severity
5.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-33254"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:53Z",
"severity": "MODERATE"
},
"details": "An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.",
"id": "GHSA-wgv5-fpv8-m4jc",
"modified": "2026-04-22T15:31:44Z",
"published": "2026-04-22T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33254"
},
{
"type": "WEB",
"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
OPENSUSE-SU-2026:10632-1
Vulnerability from csaf_opensuse - Published: 2026-04-28 00:00 - Updated: 2026-04-28 00:00Summary
dnsdist-2.0.5-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: dnsdist-2.0.5-1.1 on GA media
Description of the patch: These are all security issues fixed in the dnsdist-2.0.5-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10632
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.1 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "dnsdist-2.0.5-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the dnsdist-2.0.5-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10632",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10632-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33254 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33257 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33260 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33593 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33594 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33594/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33596 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33598/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33599 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33602 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33602/"
}
],
"title": "dnsdist-2.0.5-1.1 on GA media",
"tracking": {
"current_release_date": "2026-04-28T00:00:00Z",
"generator": {
"date": "2026-04-28T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10632-1",
"initial_release_date": "2026-04-28T00:00:00Z",
"revision_history": [
{
"date": "2026-04-28T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dnsdist-2.0.5-1.1.aarch64",
"product": {
"name": "dnsdist-2.0.5-1.1.aarch64",
"product_id": "dnsdist-2.0.5-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsdist-2.0.5-1.1.ppc64le",
"product": {
"name": "dnsdist-2.0.5-1.1.ppc64le",
"product_id": "dnsdist-2.0.5-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsdist-2.0.5-1.1.s390x",
"product": {
"name": "dnsdist-2.0.5-1.1.s390x",
"product_id": "dnsdist-2.0.5-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsdist-2.0.5-1.1.x86_64",
"product": {
"name": "dnsdist-2.0.5-1.1.x86_64",
"product_id": "dnsdist-2.0.5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsdist-2.0.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64"
},
"product_reference": "dnsdist-2.0.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsdist-2.0.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le"
},
"product_reference": "dnsdist-2.0.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsdist-2.0.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x"
},
"product_reference": "dnsdist-2.0.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsdist-2.0.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
},
"product_reference": "dnsdist-2.0.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33254"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33254",
"url": "https://www.suse.com/security/cve/CVE-2026-33254"
},
{
"category": "external",
"summary": "SUSE Bug 1262538 for CVE-2026-33254",
"url": "https://bugzilla.suse.com/1262538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33254"
},
{
"cve": "CVE-2026-33257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33257"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33257",
"url": "https://www.suse.com/security/cve/CVE-2026-33257"
},
{
"category": "external",
"summary": "SUSE Bug 1262536 for CVE-2026-33257",
"url": "https://bugzilla.suse.com/1262536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-33257"
},
{
"cve": "CVE-2026-33260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33260"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33260",
"url": "https://www.suse.com/security/cve/CVE-2026-33260"
},
{
"category": "external",
"summary": "SUSE Bug 1262537 for CVE-2026-33260",
"url": "https://bugzilla.suse.com/1262537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-33260"
},
{
"cve": "CVE-2026-33593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33593"
}
],
"notes": [
{
"category": "general",
"text": "A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33593",
"url": "https://www.suse.com/security/cve/CVE-2026-33593"
},
{
"category": "external",
"summary": "SUSE Bug 1262546 for CVE-2026-33593",
"url": "https://bugzilla.suse.com/1262546"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33593"
},
{
"cve": "CVE-2026-33594",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33594"
}
],
"notes": [
{
"category": "general",
"text": "A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33594",
"url": "https://www.suse.com/security/cve/CVE-2026-33594"
},
{
"category": "external",
"summary": "SUSE Bug 1262545 for CVE-2026-33594",
"url": "https://bugzilla.suse.com/1262545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33594"
},
{
"cve": "CVE-2026-33595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33595"
}
],
"notes": [
{
"category": "general",
"text": "A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33595",
"url": "https://www.suse.com/security/cve/CVE-2026-33595"
},
{
"category": "external",
"summary": "SUSE Bug 1262544 for CVE-2026-33595",
"url": "https://bugzilla.suse.com/1262544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33595"
},
{
"cve": "CVE-2026-33596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33596"
}
],
"notes": [
{
"category": "general",
"text": "A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33596",
"url": "https://www.suse.com/security/cve/CVE-2026-33596"
},
{
"category": "external",
"summary": "SUSE Bug 1262543 for CVE-2026-33596",
"url": "https://bugzilla.suse.com/1262543"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-33596"
},
{
"cve": "CVE-2026-33597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33597"
}
],
"notes": [
{
"category": "general",
"text": "PRSD detection denial of service",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33597",
"url": "https://www.suse.com/security/cve/CVE-2026-33597"
},
{
"category": "external",
"summary": "SUSE Bug 1262542 for CVE-2026-33597",
"url": "https://bugzilla.suse.com/1262542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33597"
},
{
"cve": "CVE-2026-33598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33598"
}
],
"notes": [
{
"category": "general",
"text": "A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33598",
"url": "https://www.suse.com/security/cve/CVE-2026-33598"
},
{
"category": "external",
"summary": "SUSE Bug 1262541 for CVE-2026-33598",
"url": "https://bugzilla.suse.com/1262541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-28T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2026-33598"
},
{
"cve": "CVE-2026-33599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33599"
}
],
"notes": [
{
"category": "general",
"text": "A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33599",
"url": "https://www.suse.com/security/cve/CVE-2026-33599"
},
{
"category": "external",
"summary": "SUSE Bug 1262540 for CVE-2026-33599",
"url": "https://bugzilla.suse.com/1262540"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33599"
},
{
"cve": "CVE-2026-33602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33602"
}
],
"notes": [
{
"category": "general",
"text": "A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33602",
"url": "https://www.suse.com/security/cve/CVE-2026-33602"
},
{
"category": "external",
"summary": "SUSE Bug 1262539 for CVE-2026-33602",
"url": "https://bugzilla.suse.com/1262539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.aarch64",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.ppc64le",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.s390x",
"openSUSE Tumbleweed:dnsdist-2.0.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33602"
}
]
}
WID-SEC-W-2026-1230
Vulnerability from csaf_certbund - Published: 2026-04-21 22:00 - Updated: 2026-06-07 22:00Summary
DNSdist: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: DNSdist ist ein DNS-Traffic-Manager, der als Load-Balancer, Filter und Sicherheits-Gateway vor DNS-Servern eingesetzt wird
Angriff: Ein Angreifer kann mehrere Schwachstellen in DNSdist ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source DNSdist <2.0.4
Open Source / DNSdist
|
<2.0.4 | ||
|
Open Source DNSdist <1.9.13
Open Source / DNSdist
|
<1.9.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source DNSdist <2.0.4
Open Source / DNSdist
|
<2.0.4 | ||
|
Open Source DNSdist <1.9.13
Open Source / DNSdist
|
<1.9.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source DNSdist <2.0.4
Open Source / DNSdist
|
<2.0.4 | ||
|
Open Source DNSdist <1.9.13
Open Source / DNSdist
|
<1.9.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source DNSdist <2.0.4
Open Source / DNSdist
|
<2.0.4 | ||
|
Open Source DNSdist <1.9.13
Open Source / DNSdist
|
<1.9.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source DNSdist <2.0.4
Open Source / DNSdist
|
<2.0.4 | ||
|
Open Source DNSdist <1.9.13
Open Source / DNSdist
|
<1.9.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source DNSdist <2.0.4
Open Source / DNSdist
|
<2.0.4 | ||
|
Open Source DNSdist <1.9.13
Open Source / DNSdist
|
<1.9.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source DNSdist <2.0.4
Open Source / DNSdist
|
<2.0.4 | ||
|
Open Source DNSdist <1.9.13
Open Source / DNSdist
|
<1.9.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source DNSdist <2.0.4
Open Source / DNSdist
|
<2.0.4 | ||
|
Open Source DNSdist <1.9.13
Open Source / DNSdist
|
<1.9.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source DNSdist <2.0.4
Open Source / DNSdist
|
<2.0.4 | ||
|
Open Source DNSdist <1.9.13
Open Source / DNSdist
|
<1.9.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source DNSdist <2.0.4
Open Source / DNSdist
|
<2.0.4 | ||
|
Open Source DNSdist <1.9.13
Open Source / DNSdist
|
<1.9.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source DNSdist <2.0.4
Open Source / DNSdist
|
<2.0.4 | ||
|
Open Source DNSdist <1.9.13
Open Source / DNSdist
|
<1.9.13 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
References
6 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "DNSdist ist ein DNS-Traffic-Manager, der als Load-Balancer, Filter und Sicherheits-Gateway vor DNS-Servern eingesetzt wird",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in DNSdist ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1230 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1230.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1230 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1230"
},
{
"category": "external",
"summary": "PowerDNS Security Advisory 2026-04 for PowerDNS DNSdist vom 2026-04-21",
"url": "https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-04-for-powerdns-dnsdist"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6235 vom 2026-04-29",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00145.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10632-1 vom 2026-04-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XQGYOSCKMETGMCQAB25RADRSIOXN6GSR/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2026-64C1CC86C1 vom 2026-06-06",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-64c1cc86c1"
}
],
"source_lang": "en-US",
"title": "DNSdist: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2026-06-07T22:00:00.000+00:00",
"generator": {
"date": "2026-06-08T09:28:32.305+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1230",
"initial_release_date": "2026-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-22T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-24720, EUVD-2026-24725, EUVD-2026-24937, EUVD-2026-24931, EUVD-2026-24929, EUVD-2026-24939, EUVD-2026-24935, EUVD-2026-24927, EUVD-2026-24933, EUVD-2026-24941, EUVD-2026-24943"
},
{
"date": "2026-04-28T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-04-29T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-06-07T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Fedora aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.9.13",
"product": {
"name": "Open Source DNSdist \u003c1.9.13",
"product_id": "T053225"
}
},
{
"category": "product_version",
"name": "1.9.13",
"product": {
"name": "Open Source DNSdist 1.9.13",
"product_id": "T053225-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:dnsdist:1.9.13"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.0.4",
"product": {
"name": "Open Source DNSdist \u003c2.0.4",
"product_id": "T053226"
}
},
{
"category": "product_version",
"name": "2.0.4",
"product": {
"name": "Open Source DNSdist 2.0.4",
"product_id": "T053226-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:dnsdist:2.0.4"
}
}
}
],
"category": "product_name",
"name": "DNSdist"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33254",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T053226",
"T053225",
"74185"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33254"
},
{
"cve": "CVE-2026-33257",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T053226",
"T053225",
"74185"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33257"
},
{
"cve": "CVE-2026-33260",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T053226",
"T053225",
"74185"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33260"
},
{
"cve": "CVE-2026-33593",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T053226",
"T053225",
"74185"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33593"
},
{
"cve": "CVE-2026-33594",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T053226",
"T053225",
"74185"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33594"
},
{
"cve": "CVE-2026-33595",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T053226",
"T053225",
"74185"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33595"
},
{
"cve": "CVE-2026-33596",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T053226",
"T053225",
"74185"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33596"
},
{
"cve": "CVE-2026-33597",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T053226",
"T053225",
"74185"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33597"
},
{
"cve": "CVE-2026-33598",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T053226",
"T053225",
"74185"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33598"
},
{
"cve": "CVE-2026-33599",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T053226",
"T053225",
"74185"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33599"
},
{
"cve": "CVE-2026-33602",
"product_status": {
"known_affected": [
"2951",
"T027843",
"T053226",
"T053225",
"74185"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33602"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…