PowerDNS: Security Vulnerabilities
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.
CVSS Score
5.3
EPSS Score
0.01
Published
2026-03-31
When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPS frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-03-31
An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly closed, but in some cases the system might enter an out-of-memory state instead and terminate the process.
CVSS Score
5.3
EPSS Score
0.005
Published
2026-03-31
An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service.
CVSS Score
5.9
EPSS Score
0.005
Published
2026-03-31
Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.
CVSS Score
5.3
EPSS Score
0.004
Published
2026-02-09
Crafted zones can lead to increased incoming network traffic.
CVSS Score
5.3
EPSS Score
0.004
Published
2026-02-09
Crafted delegations or IP fragments can poison cached delegations in Recursor.
CVSS Score
8.2
EPSS Score
0.003
Published
2026-02-09
Crafted delegations or IP fragments can poison cached delegations in Recursor.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-02-09
An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.
CVSS Score
7.5
EPSS Score
0.005
Published
2025-12-09
An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then sending a query with qtype set to ANY.
CVSS Score
5.3
EPSS Score
0.003
Published
2025-12-09

