{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27853", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "state": "PUBLISHED", "assignerShortName": "OX", "dateReserved": "2026-02-24T08:46:09.373Z", "datePublished": "2026-03-31T12:04:23.419Z", "dateUpdated": "2026-03-31T13:17:25.025Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://repo.powerdns.com/", "defaultStatus": "unaffected", "modules": ["DNS packet writer"], "packageName": "dnsdist", "product": "DNSdist", "programFiles": ["dnswriter.cc"], "repo": "https://github.com/PowerDNS/pdns", "vendor": "PowerDNS", "versions": [{"lessThan": "1.9.12", "status": "affected", "version": "1.9.0", "versionType": "semver"}, {"lessThan": "2.0.3", "status": "affected", "version": "2.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "ilya rozentsvaig"}], "datePublic": "2026-03-30T22:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service.</p>"}], "value": "An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-03-31T12:04:23.419Z"}, "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Out-of-bounds write when rewriting large DNS packets", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T13:14:03.664956Z", "id": "CVE-2026-27853", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:17:25.025Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27853", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T13:14:03.664956Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:13:57.021Z"}}], "cna": {"title": "Out-of-bounds write when rewriting large DNS packets", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "ilya rozentsvaig"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/PowerDNS/pdns", "vendor": "PowerDNS", "modules": ["DNS packet writer"], "product": "DNSdist", "versions": [{"status": "affected", "version": "1.9.0", "lessThan": "1.9.12", "versionType": "semver"}, {"status": "affected", "version": "2.0.0", "lessThan": "2.0.3", "versionType": "semver"}], "packageName": "dnsdist", "programFiles": ["dnswriter.cc"], "collectionURL": "https://repo.powerdns.com/", "defaultStatus": "unaffected"}], "datePublic": "2026-03-30T22:00:00.000Z", "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service.", "supportingMedia": [{"type": "text/html", "value": "<p>An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-03-31T12:04:23.419Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27853", "state": "PUBLISHED", "dateUpdated": "2026-03-31T13:17:25.025Z", "dateReserved": "2026-02-24T08:46:09.373Z", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "datePublished": "2026-03-31T12:04:23.419Z", "assignerShortName": "OX"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*", "matchCriteriaId": "628B3B94-81DE-496E-B36A-B79A3DFFE1F4", "versionEndExcluding": "1.9.12", "versionStartIncluding": "1.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AC850DD-FDD8-4C48-B861-4BBAF423FF57", "versionEndExcluding": "2.0.3", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service."}], "id": "CVE-2026-27853", "lastModified": "2026-04-14T16:12:32.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security@open-xchange.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-31T12:16:27.917", "references": [{"source": "security@open-xchange.com", "tags": ["Vendor Advisory"], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html"}], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.9.0,1.9.12)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.0.0,2.0.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNSdist", "source": "cna", "vendor": "PowerDNS"}, "product": "dnsdist", "vendor": "powerdns"}], "analysis": {"en": {"generated_at": "2026-04-14T19:00:02.493296+00:00", "value": {"mitigation_remediation": ["Check for and apply the latest DNSdist release that addresses the out\u2011of\u2011bounds write issue.", "If no patch is available, remove or disable DNSQuestion:changeName and DNSResponse:changeName calls from custom Lua scripts to prevent large packet rewrites.", "Restrict external access to the DNSdist server with firewalls or network segmentation to reduce exposure to crafted DNS responses.", "Monitor DNSdist logs for crash events or abnormal packet size entries and investigate promptly."], "summary": {"action": "Assess Impact", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the DNSdist component of PowerDNS. No specific product or version numbers are disclosed in the advisory, so any deployment of DNSdist that processes or rewrites packets through the mentioned Lua methods is potentially at risk.", "description_and_impact": "An out\u2011of\u2011bounds write can be triggered in PowerDNS DNSdist when an attacker sends specially crafted DNS responses that use the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. The rewritten packet may become larger than the original and exceed the 65535\u2011byte limit, causing the DNSdist process to crash. This crash results in a denial of service for clients relying on the affected DNS server. The weakness is classified as CWE\u2011787.", "risk_and_exploitability": "The CVSS score of 5.9 indicates moderate severity, while the EPSS score of less than 1% suggests a low likelihood of immediate exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker would need to send crafted DNS responses to a DNSdist instance that runs custom Lua scripts employing the changeName methods. Without such scripts, the attack surface is limited, but the potential for a crash remains a concern for environments requiring high availability."}}}}, "created": "2026-03-31T19:54:48.141277+00:00", "updated": "2026-04-15T16:45:09.778904+00:00", "vendors": ["powerdns", "powerdns$PRODUCT$dnsdist"]}