CVE-2026-35406: Denial of Service via Uncontrolled Resource Consumption in Aardvark-dns
Vulnerability ID: CVE-2026-35406
CVSS Score: 6.2
Published: 2026-04-07
Aardvark-dns versions 1.16.0 through 1.17.0 are vulnerable to an uncontrolled resource consumption flaw (CWE-400). A truncated TCP DNS query followed by an immediate connection reset forces the server into an infinite polling loop, consuming 100% CPU and causing a Denial of Service.
TL;DR
Unauthenticated DoS in Aardvark-dns via truncated TCP queries causing 100% CPU exhaustion due to missing error handling.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-400
- Attack Vector: Local/Adjacent Network
- Impact: Denial of Service (100% CPU Exhaustion)
- Exploit Status: PoC Available
- CVSS Score: 6.2 (Medium)
Affected Systems
- Aardvark-dns
- Podman Container Networks
- aardvark-dns: 1.16.0 - 1.17.0 (Fixed in: 1.17.1)
Code Analysis
Commit: 3b49ea7
Fix infinite loop on tcp dns errors
Exploit Details
- BATS Test Suite: socat command sending 0x003c followed by immediate closure
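The failure class described above (a TCP DNS length prefix followed by a reset, with the server polling instead of dropping the connection) comes down to how the RFC 1035 two-byte length framing is read. The following is an added example written for this page, not Aardvark-dns code and not the fix in commit 3b49ea7; it is in Rust because that is the project's language. It assumes the reproducer's 0x003c is the length prefix (60 bytes) with no body behind it, and it constructs both that truncated frame and a minimal valid frame in memory so it runs offline. The point it shows is that every short read is turned into a hard error that ends the connection loop, so a peer that resets mid-frame costs one error path, not a CPU core.

```rust
use std::io::{self, Read};

/// Outcome of trying to read one length-prefixed DNS message from a TCP stream.
#[derive(Debug, PartialEq)]
pub enum Frame {
    /// A complete message was read.
    Message(Vec<u8>),
    /// The peer closed the connection cleanly before starting a new frame.
    Closed,
}

/// Read one RFC 1035 TCP DNS frame: a 2-byte big-endian length, then exactly
/// that many bytes. A clean close before the first byte is normal; a close or
/// reset anywhere inside a frame is an error so the caller drops the socket
/// instead of polling for bytes that will never arrive.
pub fn read_tcp_dns_frame<R: Read>(stream: &mut R) -> io::Result<Frame> {
    let mut len_buf = [0u8; 2];
    let first = stream.read(&mut len_buf[..1])?;
    if first == 0 {
        return Ok(Frame::Closed);
    }
    // EOF here means the peer vanished mid-prefix -> UnexpectedEof.
    stream.read_exact(&mut len_buf[1..])?;
    let len = u16::from_be_bytes(len_buf) as usize;
    if len < 12 {
        // A DNS header is 12 bytes; anything shorter is not worth keeping the socket for.
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            "DNS frame shorter than a DNS header",
        ));
    }
    let mut body = vec![0u8; len];
    // read_exact fails with UnexpectedEof if the peer resets after the length prefix.
    stream.read_exact(&mut body)?;
    Ok(Frame::Message(body))
}

/// Serve one TCP connection: read frames until the peer closes or any I/O error
/// occurs. Every match arm either handles a complete message or returns, so a
/// truncated frame cannot spin the loop. Returns (messages handled, error kind).
pub fn serve_connection<R: Read>(
    stream: &mut R,
    mut handle: impl FnMut(&[u8]),
) -> (usize, Option<io::ErrorKind>) {
    let mut handled = 0;
    loop {
        match read_tcp_dns_frame(stream) {
            Ok(Frame::Message(msg)) => {
                handle(&msg);
                handled += 1;
            }
            Ok(Frame::Closed) => return (handled, None),
            Err(e) => return (handled, Some(e.kind())),
        }
    }
}

/// Constructed sample (assumption): the reproducer's length prefix 0x003c = 60
/// with no body, i.e. the peer closes right after the two length bytes.
pub fn truncated_sample() -> Vec<u8> {
    vec![0x00, 0x3c]
}

/// Constructed sample: a valid frame carrying a 12-byte DNS header
/// (ID 0x1234, flags 0x0100, all section counts zero).
pub fn valid_sample() -> Vec<u8> {
    let header = [0x12, 0x34, 0x01, 0x00, 0, 0, 0, 0, 0, 0, 0, 0];
    let mut frame = (header.len() as u16).to_be_bytes().to_vec();
    frame.extend_from_slice(&header);
    frame
}

fn main() {
    for (name, bytes) in [("truncated", truncated_sample()), ("valid", valid_sample())] {
        let mut cur = io::Cursor::new(bytes);
        let (n, err) = serve_connection(&mut cur, |_| {});
        println!("{}: handled={} error={:?}", name, n, err);
    }
}
```

Against the truncated sample the connection ends with `UnexpectedEof` after zero messages; against the valid sample one message is handled and the loop exits on the clean close. The same shape works unchanged on a real `TcpStream`, since only `Read` is required.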
Mitigation Strategies
- Update Aardvark-dns to version 1.17.1 or later
- Implement network rate-limiting on TCP/53 to restrict rapid connection resets
- Monitor Aardvark-dns process for sustained 100% CPU utilization
Remediation Steps:
- Identify running instances of Aardvark-dns.
- Upgrade the software package via the host OS package manager.
- Restart container networking services or reload Podman networks to apply the patched binary.
References
- Security Advisory GHSA-hfpq-x728-986j
- Fix commit 3b49ea7b38bdea134b7f03256f2e13f44ce73bb1
- Release Notes v1.17.1
- NVD Vulnerability Detail