CVE-2026-33259 | THREATINT

Description

Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider.

PUBLISHED Reserved 2026-03-18 | Published 2026-04-22 | Updated 2026-04-22 | Assigner OX

MEDIUM: 5.0CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

Problem types

Use After Free

Product status

Default status

unaffected

5.4.0 (semver) before 5.4.1

affected

5.3.0 (semver) before 5.3.6

affected

5.2.0 (semver) before 5.2.9

affected

Credits

Haruto Kimura (Stella) finder

References

docs.powerdns.com/...powerdns-advisory-powerdns-2026-03.html

cve.org (CVE-2026-33259)

nvd.nist.gov (CVE-2026-33259)

Download JSON