CVE-2026-33595
Received
Received - Intake
Excessive Memory Allocation in DoQ/DoH3 via Error Response Flooding
Publication date: 2026-04-22
Last updated on: 2026-04-24
Assigner: Open-Xchange
Description
Description
A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| powerdns | dnsdist | From 1.9.0 (inc) to 1.9.13 (exc) |
| powerdns | dnsdist | From 2.0.0 (inc) to 2.0.4 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when a client triggers excessive memory allocation by generating many error responses over a single DoQ (DNS over QUIC) and DoH3 (DNS over HTTPS version 3) connection. The issue arises because some resources are not properly released until the connection ends, leading to increased memory usage.
How can this vulnerability impact me? :
The vulnerability can lead to excessive memory consumption on the affected system, potentially causing performance degradation or denial of service due to resource exhaustion.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70