Description
An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service.
Published: 2026-03-31
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

An attacker can induce an out-of-bounds memory write by sending crafted DNS responses to a DNSdist instance whose custom Lua code calls the DNSQuestion:changeName or DNSResponse:changeName methods. In some cases the rewritten packet grows beyond the size of the initial response and may exceed the 65535-byte limit of a DNS message, potentially corrupting memory and crashing DNSdist. The crash results in a denial-of-service condition for the DNS service.

Affected Systems

The vulnerability is present in PowerDNS DNSdist. Any installation that enables custom Lua scripts that call the changeName functions is potentially affected. The advisory lists the affected product as DNSdist; specific version numbers are not included, so any currently running version could be susceptible until patched.

Risk and Exploitability

The CVSS base score is 5.9, indicating a medium risk. No EPSS score is listed and the vulnerability is not in the KEV catalog, suggesting lower exploitation probability. The attack vector is feasible from an external source capable of delivering crafted DNS responses, as the out-of-bounds write occurs during packet rewriting. Without a publicly available exploit, the risk remains tempered, yet the crash can disrupt network services, which makes it a concern.

Generated by OpenCVE AI on March 31, 2026 at 15:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade DNSdist to the latest released version following the vendor advisory.
  • Disable or modify custom Lua scripts that invoke DNSQuestion:changeName or DNSResponse:changeName to avoid packet rewriting that could enlarge responses.
  • Monitor DNSdist logs and system stability for abrupt crashes or memory errors.
  • Verify that the network infrastructure permits only legitimate DNS responses to mitigate potential abuse.
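
To support the second recommended action, the following added example (not part of the advisory or of DNSdist) lists where a Lua configuration calls changeName, ignoring comments and quoted strings so that disabled code is not reported. The sample configuration is constructed and its hook names are hypothetical; Lua long-bracket strings are assumed not to occur.

```python
import re
import sys

# Lua comments and quoted strings; blanked so they cannot produce false hits.
# Assumption: long-bracket strings ([[...]]) are not handled.
TOKEN = re.compile(
    r"--\[(=*)\[.*?\]\1\]"        # --[[ block comment ]] (any = level)
    r"|--[^\n]*"                  # -- line comment
    r"|\"(?:\\.|[^\"\\\n])*\""    # "double-quoted string"
    r"|'(?:\\.|[^'\\\n])*'",      # 'single-quoted string'
    re.S,
)
# Matches obj:changeName(...) and obj.changeName(obj, ...)
CALL = re.compile(r"[:.]\s*changeName\s*\(")

def find_change_name_calls(lua_source):
    """Return [(line_number, source_line)] for each live changeName call."""
    # Replace comments/strings with spaces, keeping newlines so line numbers hold.
    code = TOKEN.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), lua_source)
    lines = lua_source.splitlines()
    hits = []
    for m in CALL.finditer(code):
        line_no = code.count("\n", 0, m.start()) + 1
        hits.append((line_no, lines[line_no - 1].strip()))
    return hits

# Constructed sample configuration (hook names are hypothetical).
SAMPLE = """\
-- constructed sample, not a real deployment
local alias = newDNSName("alias.example.")
function onQuery(dq)
  dq:changeName(alias)   -- rewrites the qname
  return DNSAction.None
end
--[[ old hook, disabled:
function onResponseOld(dr) dr:changeName(alias) end
]]
function onResponse(dr)
  local note = "see dr:changeName( docs"
  return dr : changeName(alias)
end
"""

if __name__ == "__main__":
    # With file arguments, audit those files; otherwise audit the sample.
    sources = {p: open(p, encoding="utf-8", errors="replace").read()
               for p in sys.argv[1:]} or {"<sample>": SAMPLE}
    for name, text in sources.items():
        for line_no, line in find_change_name_calls(text):
            print(f"{name}:{line_no}: {line}")
```

Run it against the DNSdist configuration file and any Lua files it includes; each reported line is a rewrite path to review or disable until the patch is applied.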

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Powerdns; Powerdns dnsdist |
| Vendors & Products | | Powerdns; Powerdns dnsdist |

Tue, 31 Mar 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Weaknesses | | CWE-787 |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Tue, 31 Mar 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service. |
| Title | | Out-of-bounds write when rewriting large DNS packets |
| References | | |
| Metrics | | cvssV3_1 {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'} |

MITRE

Status: PUBLISHED

Assigner: OX

Published:

Updated: 2026-03-31T13:17:25.025Z

Reserved: 2026-02-24T08:46:09.373Z

Link: CVE-2026-27853

Vulnrichment

Updated: 2026-03-31T13:13:57.021Z

NVD

Status: Awaiting Analysis

Published: 2026-03-31T12:16:27.917

Modified: 2026-04-01T14:24:02.583

Link: CVE-2026-27853

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:38:42Z