3315 matches found
CVE-2026-27854 Use after free when parsing EDNS options in Lua
An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a...
CVE-2026-27854
CVE-2026-27854 affects dnsdist. The vulnerability arises when crafted DNS queries invoke DNSQuestion:getEDNSOptions in custom Lua code, which can reference a modified DNS packet and trigger a use-after-free, potentially causing a crash and denial of service. Connected advisories across Debian/SUS...
CVE-2026-27853 Out-of-bounds write when rewriting large DNS packets
An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535...
CVE-2026-27853 Out-of-bounds write when rewriting large DNS packets
An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535...
CVE-2026-27853
An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535...
CVE-2026-24028 Out-of-bounds read when parsing DNS packets via Lua
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...
CVE-2026-24028
CVE-2026-24028 affects dnsdist, a DNS load balancer. The issue arises when custom Lua code parses DNS packets with newDNSPacketOverlay, causing an out-of-bounds read that can crash the process and potentially disclose memory. Connected advisories confirm the vulnerability and list it among multip...
CVE-2026-24028
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...
CVE-2026-24028
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...
CVE-2026-24028
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...
CVE-2026-24028 Out-of-bounds read when parsing DNS packets via Lua
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...
📄 LuaJIT 2.1.1774638290 Arbitrary Code Execution
LuaJIT's Foreign Function Interface FFI provides unrestricted access to native C functions including syscall, mmap, mprotect and arbitrary shared library loading. When FFI is accessible to untrusted Lua code in embedding scenarios OpenResty, Redis, game engines, IoT, an attacker can achieve...
CVE-2026-4558
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. T...
EUVD-2026-14744
Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...
CVE-2026-4745
Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...
CVE-2026-4745 Arbitrary Code Execution via Crafted Bytecode in dendibakh/perf-ninja
Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...
CVE-2026-4745 Arbitrary Code Execution via Crafted Bytecode in dendibakh/perf-ninja
Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...
CVE-2026-4745
Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...
CVE-2026-4745
CVE-2026-4745 is an Arbitrary Code Execution in dendibakh perf-ninja (labs/misc/pgo/lua modules) linked to the vulnerable program file ldo.C. The issue arises from improper generation of code (Code Injection) in perf-ninja, affecting the Lua-related components. The CVSS 4.0 base score is 10.0 (CR...
PT-2026-27325
Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...