CVE-2026-24028

Summary

An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.

Affected Software

VendorProductVersion RangeStatus
PowerDNSDNSdist1.9.0 < 1.9.12affected
PowerDNSDNSdist2.0.0 < 2.0.3affected

Weaknesses

  • Buffer Over-read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References