PowerDNS DNSdist Out-of-Bounds Read Vulnerability When Parsing DNS Packets via Lua

Vulnerability

An out-of-bounds read vulnerability has been identified in PowerDNS DNSdist, affecting versions from 1.9.0 prior to 1.9.11 and from 2.0.0 prior to 2.0.2. The issue arises when custom Lua code uses 'newDNSPacketOverlay' to parse DNS packets. It can crash the process, causing a denial-of-service, or allow access to unrelated memory, which could result in information disclosure.

Impact

Exploitation of this vulnerability can cause a denial-of-service by triggering a crash, or it can lead to unauthorized access to memory, with the possibility of disclosing sensitive information.

Remediation

Users can upgrade to PowerDNS DNSdist 1.9.12 or 2.0.3, where this vulnerability has been patched. Alternatively, the 'newDNSPacketOverlay' function can be avoided in custom Lua code.
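The check below is an added example, not code from PowerDNS or from this advisory: it scans custom Lua for live (non-commented) references to 'newDNSPacketOverlay' and compares a DNSdist version against the patched releases named above. The sample configuration, function names and status labels are constructed for illustration, and Lua long-bracket strings are not parsed.

```python
import re

# Patched releases per branch, taken from the Remediation text above.
PATCHED = {(1, 9): (1, 9, 12), (2, 0): (2, 0, 3)}

# One left-to-right pass: block comment, line comment, or quoted string.
# Strings are matched only so that "--" inside them is not read as a comment.
TOKEN = re.compile(
    r'--\[(=*)\[.*?\]\1\]|--[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'',
    re.S,
)
REF = re.compile(r"\bnewDNSPacketOverlay\b")

def strip_lua_comments(src):
    """Blank out Lua comments, keeping newlines so line numbers stay valid."""
    def repl(m):
        text = m.group(0)
        return re.sub(r"[^\n]", " ", text) if text.startswith("--") else text
    return TOKEN.sub(repl, src)

def find_overlay_refs(src):
    """1-based line numbers of references outside comments (calls or aliases)."""
    code = strip_lua_comments(src)
    return [code.count("\n", 0, m.start()) + 1 for m in REF.finditer(code)]

def needs_upgrade(version):
    """True if the version is on a listed branch and below its patched release."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in m.groups())
    patched = PATCHED.get(parts[:2])
    return patched is not None and parts < patched

def triage(version, src):
    """Combine both checks into a (status, line_numbers) pair."""
    refs = find_overlay_refs(src)
    if not refs:
        return ("no-overlay-use", refs)
    return ("exposed" if needs_upgrade(version) else "not-flagged", refs)

# Constructed sample configuration: only line 6 is a live reference.
SAMPLE = (
    "-- newDNSPacketOverlay(packet) was tried here earlier\n"
    "--[[ disabled rule:\n"
    "local o = newDNSPacketOverlay(packet)\n"
    "]]\n"
    "function inspect(dq)\n"
    "  local overlay = newDNSPacketOverlay(packet)\n"
    "  return DNSAction.None\n"
    "end\n"
)
```
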

Added: Mar 31, 2026, 12:31 PM
Updated: Mar 31, 2026, 12:31 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 3.1
exploitability: 5.4
remediation: 8.3
relevance: 5.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.