CVE-2026-33602
Received Received - Intake

Out-of-Bounds Write in UDP Handling Causes Denial of Service

Vulnerability report for CVE-2026-33602, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-22

Last updated on: 2026-04-24

Assigner: Open-Xchange

Description

A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-22
Last Modified
2026-04-24
Generated
2026-07-06
AI Q&A
2026-04-22
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
powerdns dnsdist From 1.9.0 (inc) to 1.9.13 (exc)
powerdns dnsdist From 2.0.0 (inc) to 2.0.4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs when a rogue backend sends a specially crafted UDP response with a query ID that is off by one from the maximum configured value. This causes an out-of-bounds write in the system.

The out-of-bounds write can lead to a denial of service condition.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) attack.

An attacker exploiting this vulnerability can cause the affected system to crash or become unavailable by triggering an out-of-bounds write.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33602. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart