CVE-2026-30871
Received Received - Intake
Stack-Based Buffer Overflow in OpenWrt mdns Daemon (PTR Queries

Publication date: 2026-03-19

Last updated on: 2026-03-24

Assigner: GitHub, Inc.

Description
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question function. The issue is triggered by PTR queries for reverse DNS domains (.in-addr.arpa and .ip6.arpa). DNS packets received on UDP port 5353 are expanded by dn_expand into an 8096-byte global buffer (name_buffer), which is then copied via an unbounded strcpy into a fixed 256-byte stack buffer when handling TYPE_PTR queries. The overflow is possible because dn_expand converts non-printable ASCII bytes (e.g., 0x01) into multi-character octal representations (e.g., \001), significantly inflating the expanded name beyond the stack buffer's capacity. A crafted DNS packet can exploit this expansion behavior to overflow the stack buffer, making the vulnerability reachable through normal multicast DNS packet processing. This issue has been fixed in versions 24.10.6 and 25.12.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-03-24
Generated
2026-05-07
AI Q&A
2026-03-20
EPSS Evaluated
2026-05-05
NVD
CVE-2026-30871
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
openwrt openwrt to 24.10.6 (exc)
openwrt openwrt From 25.12.0 (inc) to 25.12.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been fixed in OpenWrt versions 24.10.6 and 25.12.1. Immediate mitigation involves upgrading the mdns daemon to at least these versions.


Can you explain this vulnerability to me?

This vulnerability is a stack-based buffer overflow in the mdns daemon of the OpenWrt Project's Linux operating system for embedded devices. It occurs in the parse_question function when handling PTR queries for reverse DNS domains (.in-addr.arpa and .ip6.arpa). Specifically, DNS packets received on UDP port 5353 are expanded into a large 8096-byte global buffer, which is then copied without bounds into a smaller 256-byte stack buffer using strcpy. The overflow happens because non-printable ASCII bytes are converted into multi-character octal representations, inflating the size beyond the stack buffer's capacity. A specially crafted DNS packet can exploit this to overflow the stack buffer during normal multicast DNS processing.


How can this vulnerability impact me? :

This vulnerability can lead to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code or cause a denial of service on affected devices running vulnerable versions of OpenWrt. Since the issue is reachable through normal multicast DNS packet processing, an attacker could exploit it remotely by sending crafted DNS packets to the device.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart