The affected versions (1.12.0 and 1.12.1) of aardvark-dns introduced TCP support but processed DNS queries serially. This flaw can be exploited by a malicious client to maintain an open TCP connection indefinitely, resulting in a denial of service for other DNS queries.