CVE-2026-27854
Use-After-Free in DNSdist Lua getEDNSOptions Causes DoS
Publication date: 2026-03-31
Last updated on: 2026-04-14
Assigner: Open-Xchange
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| powerdns | dnsdist | From 1.9.0 (inc) to 1.9.12 (exc) |
| powerdns | dnsdist | From 2.0.0 (inc) to 2.0.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free in DNSdist that can be triggered while processing DNS queries. Specifically, specially crafted DNS queries can reach the DNSQuestion:getEDNSOptions method when it is called from custom Lua code. In some cases that method references a modified version of the DNS packet whose original buffer has already been freed, which results in a use-after-free.
The use-after-free can crash the DNSdist process, resulting in a denial of service.
How can this vulnerability impact me?
The primary impact of this vulnerability is denial of service. An attacker who triggers the use-after-free can crash DNSdist, disrupting any DNS service that relies on it.
The CVSS score indicates low to medium severity: limited confidentiality impact, no integrity impact, but an availability impact.