CVE-2026-33598
Received Received - Intake

Out-of-Bounds Read in Open-Xchange Lua Packet Cache

Vulnerability report for CVE-2026-33598, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-22

Last updated on: 2026-04-24

Assigner: Open-Xchange

Description

A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-22
Last Modified
2026-04-24
Generated
2026-07-06
AI Q&A
2026-04-22
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
powerdns dnsdist From 1.9.0 (inc) to 1.9.13 (exc)
powerdns dnsdist From 2.0.0 (inc) to 2.0.4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs when a cached crafted response triggers an out-of-bounds read. This happens if custom Lua code calls the functions getDomainListByAddress() or getAddressListByDomain() on a packet cache.

Impact Analysis

The vulnerability can lead to an out-of-bounds read, which may cause limited information disclosure (confidentiality impact) and a partial denial of service (availability impact). The CVSS score indicates a low to medium severity with no impact on integrity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33598. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart