PowerDNS DNSdist Out-of-Bounds Write Vulnerability Leading to Denial-of-Service

Vulnerability

An out-of-bounds write vulnerability has been identified in PowerDNS DNSdist versions from 1.9.0 up to but not including 1.9.11, and from 2.0.0 up to but not including 2.0.2. It can be exploited by sending crafted DNS responses when custom Lua code uses the DNSQuestion:changeName or DNSResponse:changeName methods. The modified packet may then exceed the maximum DNS packet size, leading to a crash and a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a crash of the DNSdist process, leading to a denial-of-service condition.

Remediation

Users can upgrade to PowerDNS DNSdist versions 1.9.12 or 2.0.3, where this vulnerability has been patched. Alternatively, the vulnerable methods can be avoided in custom Lua code.
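
One way to audit a deployment against the remediation above, as an added example that is not part of the original advisory or of the PowerDNS project: it flags a build below the fixed releases 1.9.12 and 2.0.3 on those two branches and lists changeName calls in a Lua configuration. The function names, the version-string format and the sample configuration are assumptions constructed for illustration.

```python
import re

# Fixed releases named in the Remediation section, keyed by release branch.
FIXED = {(1, 9): (1, 9, 12), (2, 0): (2, 0, 3)}

# Method calls named in the advisory, e.g. dq:changeName(...) or dr:changeName(...).
CHANGE_NAME_CALL = re.compile(r"[\w\]\)]\s*:\s*changeName\s*\(")

def parse_version(text):
    """Extract (major, minor, patch) from a string such as 'dnsdist 1.9.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def needs_upgrade(version_text):
    """True if the version is on a branch listed in FIXED and below its fixed release."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    return fixed is not None and version < fixed

def find_change_name(lua_source):
    """Return (line_number, line) for each changeName call outside '--' line comments."""
    hits = []
    for number, line in enumerate(lua_source.splitlines(), start=1):
        # Simplification: strips '--' line comments only, not strings or block comments.
        code = line.split("--", 1)[0]
        if CHANGE_NAME_CALL.search(code):
            hits.append((number, line.strip()))
    return hits

def exposed(version_text, lua_source):
    """Exposure as the advisory describes it: unpatched build AND changeName in custom Lua."""
    return needs_upgrade(version_text) and bool(find_change_name(lua_source))

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONF = """\
newServer({address="192.0.2.53"})
-- dq:changeName(newDNSName("old.example."))
function rewrite(dq)
  dq:changeName(newDNSName("internal.example."))
  return DNSAction.None
end
addAction(AllRule(), LuaAction(rewrite))
"""

if __name__ == "__main__":
    for ver in ("dnsdist 1.9.10", "dnsdist 2.0.3"):
        print(ver, "exposed:", exposed(ver, SAMPLE_CONF), find_change_name(SAMPLE_CONF))
```

A hit from find_change_name on a patched build is informational only; on an unpatched build it marks the Lua code to rewrite or the host to upgrade first.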

Added: Mar 31, 2026, 12:29 PM
Updated: Mar 31, 2026, 12:29 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 2.5
exploitability: 8.3
remediation: 8.3
relevance: 5.0
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.