Powerdns · Dnsdist · CVE-2026-27853
**Name of the Vulnerable Software and Affected Versions**
DNSdist (affected versions not specified)
**Description**
An attacker could trigger an out-of-bounds write by sending crafted DNS responses to DNSdist. This is possible when utilizing the `DNSQuestion:changeName` or `DNSResponse:changeName` methods within custom Lua code. Rewritten packets may exceed the initial response size, potentially reaching over 65535 bytes, which could lead to a crash and denial of service. The vulnerability involves manipulating DNS packets through the `DNSQuestion:changeName` and `DNSResponse:changeName` methods.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.