Description
An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.
Published: 2026-06-25
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE outlines an out-of-bounds read that can occur when SetMacAddrAction is invoked in PowerDNS DNSdist. This overflow may allow an attacker to read uninitialized memory and send it over the network, potentially revealing sensitive data, and in some cases could cause the DNSdist process to crash, resulting in denial of service.

Affected Systems

Affected products include PowerDNS DNSdist. The specific functionality is SetMacAddrAction; product versions are not listed in the advisory, so administrators should verify their current DNSdist release against the vendor's patch release.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity, and the vulnerability is not listed in the CISA KEV catalog, with no EPSS score available, implying limited evidence of active exploitation. The likely attack surface is the network interface where DNSdist processes client requests. An attacker could trigger the vulnerability by sending crafted data that causes the out-of-bounds read, potentially exposing memory contents or causing a crash that leads to service disruption.

Generated by OpenCVE AI on June 25, 2026 at 18:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update DNSdist to the latest patched version from the vendor advisory.
  • If an update is not immediately possible, disable or restrict the SetMacAddrAction functionality until the patch is applied.
  • Implement input validation or defensive bounds checks for the data processed by SetMacAddrAction to mitigate buffer over-read vulnerabilities per CWE-126, and monitor for anomalous traffic.

Generated by OpenCVE AI on June 25, 2026 at 18:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787

Thu, 25 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787

Thu, 25 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-126
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 25 Jun 2026 13:00:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.
Title Out-of-bounds read in SetMacAddrAction
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: OX

Published:

Updated: 2026-06-25T13:49:35.668Z

Reserved: 2026-04-10T07:11:39.060Z

Link: CVE-2026-40210

cve-icon Vulnrichment

Updated: 2026-06-25T13:49:21.993Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T17:00:11Z

Weaknesses