PT-2026-26380 · Openwrt · Openwrt

Axelm-Tob · Published 2026-03-19 · Updated 2026-03-30 · CVE-2026-30871

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenWrt Project versions prior to 24.10.6 and versions prior to 25.12.1

Description

The OpenWrt Project, a Linux operating system for embedded devices, is affected by a stack-based buffer overflow in the mdns daemon. The issue resides in the parse_question function and is triggered by PTR queries for reverse DNS domains. The dn_expand function converts non-printable ASCII bytes into multi-character octal representations, which inflates the size of the expanded name. The inflated name is then copied with strcpy into a fixed-size stack buffer, leading to a potential overflow. The overflow is reachable through normal multicast DNS packet processing on UDP port 5353.

Recommendations

Versions prior to 24.10.6 should be updated to version 24.10.6 or later. Versions prior to 25.12.1 should be updated to version 25.12.1 or later.
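
The size inflation in the description, and the bounded copy that rejects an oversized name where strcpy would not, shown as an added example (not OpenWrt's code and not the project's fix). The names expand_name and copy_name, the DST_SIZE value, and the exact escape form (a backslash plus three octal digits) are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define EXP_MAX  (4 * 255 + 1)  /* 255-byte wire name, every byte escaped, plus NUL */
#define DST_SIZE 256            /* hypothetical destination size, not the daemon's real value */

/* Model of the expansion: printable bytes are copied, every other byte
 * becomes "\ooo". Returns the expanded length, or -1 if out is too small. */
int expand_name(const unsigned char *in, size_t n, char *out, size_t outsz)
{
    size_t pos = 0;
    if (outsz == 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        size_t w = isprint(in[i]) ? 1 : 4;
        if (pos + w >= outsz)           /* always keep room for the NUL */
            return -1;
        if (w == 1)
            out[pos] = (char)in[i];
        else
            snprintf(out + pos, 5, "\\%03o", (unsigned)in[i]);
        pos += w;
    }
    out[pos] = '\0';
    return (int)pos;
}

/* Bounded replacement for strcpy(dst, src): reject instead of overflowing. */
int copy_name(char *dst, size_t dstsz, const char *src)
{
    size_t len = strlen(src);
    if (len >= dstsz)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

int main(void)
{
    unsigned char raw[100];             /* constructed input: 100 bytes of 0x01 */
    char expanded[EXP_MAX], dst[DST_SIZE];
    memset(raw, 0x01, sizeof raw);
    int n = expand_name(raw, sizeof raw, expanded, sizeof expanded);
    printf("raw=%zu expanded=%d copy=%d\n", sizeof raw, n,
           copy_name(dst, sizeof dst, expanded));   /* 100 -> 400, rejected */
    return 0;
}
```

A destination sized for the wire-format limit is therefore too small once names are escaped; either size it for the expanded worst case or check the length before every copy.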

Exploit

Fix

Stack Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-30871
GHSA-7C3J-F7W2-P8F6

Affected Products

Openwrt