CVE-2026-27853

Name of the Vulnerable Software and Affected Versions DNSdist (affected versions not specified)

Description An attacker could trigger an out-of-bounds write by sending crafted DNS responses to DNSdist. This is possible when utilizing the DNSQuestion:changeName or DNSResponse:changeName methods within custom Lua code. Rewritten packets may exceed the initial response size, potentially reaching over 65535 bytes, which could lead to a crash and denial of service. The vulnerability involves manipulating DNS packets through the DNSQuestion:changeName and DNSResponse:changeName methods.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.