CVE-2026-33594
Received
Received - Intake
Excessive Memory Allocation in DoH Backend Causes Resource Exhaustion
Publication date: 2026-04-22
Last updated on: 2026-04-24
Assigner: Open-Xchange
Description
Description
A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| powerdns | dnsdist | From 1.9.0 (inc) to 1.9.13 (exc) |
| powerdns | dnsdist | From 2.0.0 (inc) to 2.0.4 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when a client sends a large number of queries to a DNS over HTTPS (DoH) backend that is already overloaded. These queries accumulate in a buffer that is not released until the connection ends, causing excessive memory allocation.
How can this vulnerability impact me? :
The vulnerability can lead to excessive memory usage on the affected system, potentially causing performance degradation or denial of service due to resource exhaustion.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70