CVE-2026-33259

Source
https://cve.org/CVERecord?id=CVE-2026-33259
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33259.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-33259
Downstream
Published
2026-04-22T09:38:51.991Z
Modified
2026-07-15T02:19:11.204244614Z
Severity
  • 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
Summary
Concurrent modification of RPZ data can lead to denial of servce
Details

Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider.

Database specific
{
    "cna_assigner": "OX",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33259.json"
}
References

Affected packages

Git / github.com/powerdns/pdns

Affected ranges

Type
GIT
Repo
https://github.com/powerdns/pdns
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:powerdns:recursor:5.4.0:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "5.2.0"
        },
        {
            "fixed": "5.2.9"
        },
        {
            "introduced": "5.3.0"
        },
        {
            "fixed": "5.3.6"
        },
        {
            "introduced": "5.4.0"
        },
        {
            "last_affected": "5.4.0"
        }
    ]
}

Affected versions

5.*
5.4.0
rec-5.*
rec-5.2.0
rec-5.2.2
rec-5.2.4
rec-5.2.5
rec-5.2.6
rec-5.2.8
rec-5.3.0
rec-5.3.1
rec-5.3.4
rec-5.4.0
rec-5.4.0-rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33259.json"