Zero Day MonitorZDM

← Back to list

5.3

CVE-2026-24028EXPLOITEDPATCHED

powerdns · dnsdist

Out-of-bounds read when parsing DNS packets via Lua

Description

An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.

Affected Products

Vendor	Product	Versions
powerdns	dnsdist	1.9.0, 2.0.0

References

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html

Related News (2 articles)

Tier C

VulDB5h ago

CVE-2026-24028 | PowerDNS DNSdist up to 1.9.11/2.0.2 newDNSPacketOverlay out-of-bounds

→ No new info (linked only)

Tier B

BSI Advisories6h ago

[NEU] [hoch] PowerDNS: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.15.3 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA KEV❌ No

Actively exploited✅ Yes

Patch available1.9.12, 2.0.3

PublishedMar 31, 2026

Last enriched5h agov2

Trending Score52

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-24029EXP

DNS over HTTPS ACL bypass

MEDIUMCVE-2026-27853EXP

Out-of-bounds write when rewriting large DNS packets

LOWCVE-2026-0396

HTML injection in the web dashboard

MEDIUMCVE-2026-24030

Unbounded memory allocation for DoQ and DoH3

MEDIUMCVE-2026-27854

Use after free when parsing EDNS options in Lua

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 31, 2026

Discovered by ZDM

Mar 31, 2026

Updated: affectedVersions, severity, activelyExploited, cweIds

Mar 31, 2026

Actively Exploited

Mar 31, 2026

Patch Available

Mar 31, 2026

Version History

v2

Last enriched 5h ago

v2Tier C5h ago

Updated affected versions to include 1.9.11 and 2.0.2, changed severity to HIGH, and noted that the vulnerability is actively exploited.

affectedVersionsseverityactivelyExploitedcweIds

via VulDB

v15h ago

Initial creation