Description
A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.
Published: 2026-04-22
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Out-of-bounds read caused by Lua API misuse on packet cache
Action: Apply patch
AI Analysis

Impact

A crafted cached response can trigger an out-of-bounds read when custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a DNSdist packet cache. The vulnerability allows an attacker to read memory beyond the intended bounds, potentially exposing sensitive data or causing a service crash, thereby affecting confidentiality, integrity, and availability. This weakness is classified as CWE‑125.

Affected Systems

The issue affects PowerDNS DNSdist. No specific version range is listed in the advisory, so all installations that run Lua scripts capable of invoking the affected API should be reviewed.

Risk and Exploitability

The CVSS score of 4.8 indicates a moderate risk level. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation. The likely attack vector requires an attacker to inject or influence Lua code running within DNSdist, which could be achieved through configuration changes or compromised scripts. Consequently, the practical exploitation likelihood remains moderate and contingent on the presence of exploitable Lua scripts.

Generated by OpenCVE AI on April 27, 2026 at 19:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update DNSdist to the latest version that incorporates the fix as described in the official advisory.
  • If an immediate update is not possible, limit Lua script usage or remove calls to getDomainListByAddress() and getAddressListByDomain() from the running scripts to prevent the out-of-bounds read.
  • Monitor DNSdist for abnormal memory accesses or crashes, and apply general hardening practices such as restricting script permissions and securing configuration files.

Generated by OpenCVE AI on April 27, 2026 at 19:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6235-1 dnsdist security update
History

Fri, 24 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*

Wed, 22 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Powerdns
Powerdns dnsdist
Vendors & Products Powerdns
Powerdns dnsdist

Wed, 22 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.
Title Out-of-bounds read in cache inspection via Lua
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L'}

Subscriptions

Powerdns Dnsdist
cve-icon MITRE

Status: PUBLISHED

Assigner: OX

Published:

Updated: 2026-04-22T14:49:43.649Z

Reserved: 2026-03-23T12:57:56.814Z

Link: CVE-2026-33598

cve-icon Vulnrichment

Updated: 2026-04-22T14:47:40.840Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-22T14:16:54.303

Modified: 2026-04-24T18:51:54.053

Link: CVE-2026-33598

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T19:30:12Z

Weaknesses