CVE-2026-24028

Source
https://cve.org/CVERecord?id=CVE-2026-24028
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-24028.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-24028
Published
2026-03-31T11:57:26.914Z
Modified
2026-05-23T21:48:41.270684Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Out-of-bounds read when parsing DNS packets via Lua
Details

An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24028.json",
    "cna_assigner": "OX"
}

Affected packages

Git / github.com/powerdns/pdns

Affected ranges

Type
GIT
Repo
https://github.com/powerdns/pdns

Affected versions

dnsdist-2.*
dnsdist-2.0.0
dnsdist-2.0.1
dnsdist-2.0.2

Database specific

vanir_signatures_modified
"2026-05-23T21:48:41Z"
vanir_signatures
[
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 765.0,
            "function_hash": "293287316270370560739180217123376195271"
        },
        "source": "https://github.com/powerdns/pdns/commit/4108ae9f5f169166dba3e7f386be570304dfa224",
        "signature_version": "v1",
        "target": {
            "function": "GenericDNSPacketWriter",
            "file": "pdns/dnswriter.cc"
        },
        "id": "CVE-2026-24028-312fcb05"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "source": "https://github.com/powerdns/pdns/commit/4108ae9f5f169166dba3e7f386be570304dfa224",
        "signature_version": "v1",
        "target": {
            "file": "pdns/dnswriter.cc"
        },
        "id": "CVE-2026-24028-a6e6261c"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 712.0,
            "function_hash": "115917283687646797612152934500653991308"
        },
        "source": "https://github.com/powerdns/pdns/commit/4108ae9f5f169166dba3e7f386be570304dfa224",
        "signature_version": "v1",
        "target": {
            "function": "commit",
            "file": "pdns/dnswriter.cc"
        },
        "id": "CVE-2026-24028-a8a3535c"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "source": "https://github.com/powerdns/pdns/commit/4108ae9f5f169166dba3e7f386be570304dfa224",
        "signature_version": "v1",
        "target": {
            "file": "pdns/dnswriter.hh"
        },
        "id": "CVE-2026-24028-b17ae76b"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 579.0,
            "function_hash": "304230221040377212026235390390096623365"
        },
        "source": "https://github.com/powerdns/pdns/commit/4108ae9f5f169166dba3e7f386be570304dfa224",
        "signature_version": "v1",
        "target": {
            "function": "startRecord",
            "file": "pdns/dnswriter.cc"
        },
        "id": "CVE-2026-24028-d5d6829b"
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-24028.json"