The affected versions (1.12.0 and 1.12.1) of aardvark-dns introduced TCP support but processed DNS queries serially. This flaw can be exploited by a malicious client to maintain an open TCP connection indefinitely, resulting in a denial of service for other DNS queries.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:7094 https://access.redhat.com/errata/RHSA-2025:7094