CVE-2026-33600
Received
Received - Intake
Null Pointer Dereference in RPZ Handling Causes Denial of Service
Publication date: 2026-04-22
Last updated on: 2026-04-27
Assigner: Open-Xchange
Description
Description
An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| powerdns | recursor | From 5.2.0 (inc) to 5.2.9 (exc) |
| powerdns | recursor | From 5.3.0 (inc) to 5.3.6 (exc) |
| powerdns | recursor | 5.4.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can cause a denial of service (DoS) on the affected system.
This means that the system or service may become unavailable or crash when processing malicious RPZ data.
Can you explain this vulnerability to me?
This vulnerability occurs when a Response Policy Zone (RPZ) sent by a malicious authoritative server causes a null pointer dereference due to a missing consistency check.
The null pointer dereference leads to a denial of service condition.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70