Home
LOW: 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LDefault status
unaffected
1.9.0 (semver) before 1.9.13
affected
2.0.0 (semver) before 2.0.4
affected
Description
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default.
Problem types
Out-of-bounds Read
Product status
1.9.0 (semver) before 1.9.13
2.0.0 (semver) before 2.0.4
Credits
ylwango613
References
www.dnsdist.org/...owerdns-advisory-for-dnsdist-2026-04.html