{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33602", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "state": "PUBLISHED", "assignerShortName": "OX", "dateReserved": "2026-03-23T12:57:56.815Z", "datePublished": "2026-04-22T13:45:34.667Z", "dateUpdated": "2026-04-22T14:47:07.785Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-04-22T13:45:34.667Z"}, "title": "Off-by-one access when processing crafted UDP responses", "datePublic": "2026-04-21T22:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "description": "Heap-based Buffer Overflow", "type": "CWE"}]}], "affected": [{"vendor": "PowerDNS", "product": "DNSdist", "collectionURL": "https://repo.powerdns.com/", "packageName": "dnsdist", "repo": "https://github.com/PowerDNS/pdns", "modules": ["DNS over Do53 UDP"], "programFiles": ["dnsdist-backend.cc"], "versions": [{"status": "affected", "version": "1.9.0", "lessThan": "1.9.13", "versionType": "semver"}, {"status": "affected", "version": "2.0.0", "lessThan": "2.0.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.</p>"}]}], "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}}], "credits": [{"lang": "en", "value": "ylwango613", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T14:46:39.998027Z", "id": "CVE-2026-33602", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T14:47:07.785Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33602", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T14:46:39.998027Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T14:45:48.657Z"}}], "cna": {"title": "Off-by-one access when processing crafted UDP responses", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "ylwango613"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/PowerDNS/pdns", "vendor": "PowerDNS", "modules": ["DNS over Do53 UDP"], "product": "DNSdist", "versions": [{"status": "affected", "version": "1.9.0", "lessThan": "1.9.13", "versionType": "semver"}, {"status": "affected", "version": "2.0.0", "lessThan": "2.0.4", "versionType": "semver"}], "packageName": "dnsdist", "programFiles": ["dnsdist-backend.cc"], "collectionURL": "https://repo.powerdns.com/", "defaultStatus": "unaffected"}], "datePublic": "2026-04-21T22:00:00.000Z", "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.", "supportingMedia": [{"type": "text/html", "value": "<p>A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-04-22T13:45:34.667Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33602", "state": "PUBLISHED", "dateUpdated": "2026-04-22T14:47:07.785Z", "dateReserved": "2026-03-23T12:57:56.815Z", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "datePublished": "2026-04-22T13:45:34.667Z", "assignerShortName": "OX"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCC2DF11-EC5C-4112-90F2-C266CB65D390", "versionEndExcluding": "1.9.13", "versionStartIncluding": "1.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*", "matchCriteriaId": "29865EC6-C1A0-40F3-B0BB-7F71F9C1DCB7", "versionEndExcluding": "2.0.4", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service."}], "id": "CVE-2026-33602", "lastModified": "2026-04-24T18:52:25.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "security@open-xchange.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-22T14:16:54.537", "references": [{"source": "security@open-xchange.com", "tags": ["Vendor Advisory"], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"}], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.9.0,1.9.13)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.0.0,2.0.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNSdist", "source": "cna", "vendor": "PowerDNS"}, "product": "dnsdist", "vendor": "powerdns"}], "analysis": {"en": {"generated_at": "2026-04-22T19:20:36.632214+00:00", "value": {"mitigation_remediation": ["Update DNSdist to the latest stable release that contains the fix referenced in the advisory.", "Actively monitor DNSdist logs for abnormal crash events and enable high\u2011availability failover to mitigate downtime.", "Restrict network communication between DNSdist and upstream backends, or enforce TLS between them, to prevent unauthorized or malformed UDP responses."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "DNSdist, the caching DNS load\u2011balancing infrastructure from PowerDNS, is the impacted product. The advisory does not publish specific vulnerable versions, so administrators should verify that their installations are at or above the latest publicly available release. No other vendors are listed.", "description_and_impact": "The described flaw is an off\u2011by\u2011one error in DNSdist\u2019s handling of UDP responses. When a rogue backend sends a response whose query ID is off by one relative to the maximum allowed value, DNSdist writes past the bounds of its internal buffer. This out\u2011of\u2011bounds write corrupts memory and causes the daemon to crash, resulting in a denial of service. The weakness is a classic buffer overflow (CWE\u2011122). The likely attack vector is a crafted response sent from a malicious backend to an unprotected DNSdist instance.", "risk_and_exploitability": "The CVSS score of 6.5 marks this issue as medium severity, and because the exploit requires only a malicious backend that can inject crafted UDP responses, the attack is feasible from a remote perspective. EPSS information is not available, and the vulnerability has not been listed in the CISA KEV catalog, indicating no known active exploitation. Nevertheless, the out\u2011of\u2011bounds write can lead to service interruption, which can be critical in high\u2011availability environments. Based on the description, it can be exploited remotely by a rogue backend."}}}}, "created": "2026-04-22T19:15:24.274897+00:00", "updated": "2026-04-22T19:30:24.746304+00:00", "vendors": ["powerdns", "powerdns$PRODUCT$dnsdist"]}