PowerDNS DNSdist Out-of-Bounds Read Vulnerability via Lua Packet Cache Inspection

Vulnerability

A vulnerability in PowerDNS DNSdist versions through 2.0.3 and 1.9.12 allows for an out-of-bounds read. This issue arises when custom Lua code invokes the functions getDomainListByAddress() or getAddressListByDomain() on a packet cache that contains a crafted response. The vulnerability can lead to a denial-of-service condition by causing excessive memory allocation.

Impact

Exploitation triggers an out-of-bounds read that causes a denial-of-service condition, disrupting normal service operations.

Remediation

Users can upgrade to PowerDNS DNSdist versions 1.9.13 or 2.0.4, where this vulnerability has been patched. Alternatively, avoid using the Lua functions getDomainListByAddress() or getAddressListByDomain() on packet caches.
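The following exposure check is an added example, not code from PowerDNS or from this advisory. It compares a version string against the affected ranges stated above and scans a dnsdist Lua configuration for the two named functions. The helper names, the sample configuration, and the reading of "through 1.9.12" as covering every earlier release are assumptions.

```python
import re

# Function names the advisory ties to the out-of-bounds read.
RISKY_CALLS = ("getDomainListByAddress", "getAddressListByDomain")
CALL_RE = re.compile(r"\b(" + "|".join(RISKY_CALLS) + r")\s*\(")
# First fixed release on each branch, as stated in the advisory.
FIXED_1_9 = (1, 9, 13)
FIXED_2_0 = (2, 0, 4)

def parse_version(text):
    """Extract the first x.y.z triple from an operator-supplied version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(version_text):
    """True if the version falls in the ranges the advisory lists as affected."""
    v = parse_version(version_text)
    if v[:2] == (2, 0):
        return v < FIXED_2_0
    # Assumption: "through 1.9.12" covers every release up to and including 1.9.12.
    return v < FIXED_1_9

def find_risky_calls(lua_source):
    """Return (line_number, function_name) for calls outside `--` line comments.
    Block comments are not parsed, so a call inside one is still reported."""
    hits = []
    for lineno, line in enumerate(lua_source.splitlines(), start=1):
        code = line.split("--", 1)[0]
        hits.extend((lineno, m.group(1)) for m in CALL_RE.finditer(code))
    return hits

def assess(version_text, lua_source):
    """Combine both checks: exposed only if the version is affected AND a call exists."""
    affected, calls = is_affected(version_text), find_risky_calls(lua_source)
    return {"affected_version": affected, "risky_calls": calls,
            "exposed": affected and bool(calls)}

# Constructed sample configuration, for illustration only.
SAMPLE_CONFIG = '''
pc = newPacketCache(10000)
getPool(""):setCache(pc)
-- pc:getAddressListByDomain("example.org") is disabled
function dump(addr)
  return pc:getDomainListByAddress(newCA(addr))
end
'''

if __name__ == "__main__":
    print(assess("dnsdist 2.0.3", SAMPLE_CONFIG))
```

A result with "exposed" set to False on an affected version means only that no call was found in the scanned text; Lua loaded from other files needs the same scan.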

Added: Apr 22, 2026, 2:29 PM
Updated: Apr 22, 2026, 2:29 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 3.1
exploitability: 7.6
remediation: 7.9
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.