{"uuid": "270f9506-8d99-45b2-ab64-1d694db87046", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30194", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13803", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30194\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service.\n\nThe remedy is: upgrade to the patched 1.9.9 version.\n\nA workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version.\n\nWe would like to thank Charles Howes for bringing this issue to our attention.\n\ud83d\udccf Published: 2025-04-29T11:25:47.141Z\n\ud83d\udccf Modified: 2025-04-29T11:27:04.926Z\n\ud83d\udd17 References:\n1. https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-02.html", "creation_timestamp": "2025-04-29T12:12:36.000000Z"}