CVE-2026-33593 PUBLISHED

Denial of service via crafted DNSCrypt query

Assigner: OX
Reserved: 23.03.2026 Published: 22.04.2026 Updated: 22.04.2026

A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 7.5

Product Status

Vendor PowerDNS
Product DNSdist
Versions Default: unaffected
  • affected from 1.9.0 to 1.9.13 (excl.)
  • affected from 2.0.0 to 2.0.4 (excl.)

Credits

  • Haruto Kimura (Stella) finder

References

Problem Types

  • Divide By Zero CWE