CVE-2026-24028
Received Received - Intake
Out-of-Bounds Read in Open-Xchange Lua DNS Parsing Causes DoS

Publication date: 2026-03-31

Last updated on: 2026-04-14

Assigner: Open-Xchange

Description
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24028
EUVD
EUVD-2026-17401
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
powerdns dnsdist From 1.9.0 (inc) to 1.9.12 (exc)
powerdns dnsdist From 2.0.0 (inc) to 2.0.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs when an attacker sends a specially crafted DNS response packet that is processed by custom Lua code using the newDNSPacketOverlay function to parse DNS packets.

The crafted packet can trigger an out-of-bounds read, which means the code reads memory outside the intended buffer.

This out-of-bounds read can cause the program to crash, resulting in a denial of service, or it can access unrelated memory, potentially leading to information disclosure.

Impact Analysis

The vulnerability can impact you by causing a denial of service if the affected application crashes due to the out-of-bounds read.

Additionally, it may lead to information disclosure if the out-of-bounds read accesses memory containing sensitive data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24028. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart