Primary

Context

PowerDNS DNSdist Off-by-One Write Vulnerability in UDP Response Processing Leading to Denial-of-Service

Vulnerability

Patched

An out-of-bounds write vulnerability has been identified in PowerDNS DNSdist versions through 2.0.3 and 1.9.12. This vulnerability arises from a rogue backend sending a crafted UDP response with a query ID that is off by one, relative to the maximum configured value. The manipulation triggers an out-of-bounds write, causing a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash or become unresponsive.

Remediation

Users are advised to upgrade to PowerDNS DNSdist versions 1.9.13 or 2.0.4, where this vulnerability has been patched.

Added: Apr 22, 2026, 2:26 PM

Updated: Apr 22, 2026, 2:26 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

3.1

exploitability

7.6

remediation

7.9

relevance

6.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

3.1

exploitability

7.6

remediation

7.9

relevance

6.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PowerDNS DNSdist Off-by-One Write Vulnerability in UDP Response Processing Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

PowerDNS DNSdist

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating