Stack-based Buffer Overflow in OpenWrt's mDNS Daemon
CVE-2026-30871

9.5CRITICAL

Key Information:

Vendor

Openwrt

Status
Openwrt
Vendor
CVE Published:
19 March 2026

What is CVE-2026-30871?

The OpenWrt Project's mDNS daemon is susceptible to a stack-based buffer overflow due to improper handling of PTR queries for reverse DNS domains. This issue is triggered when crafted DNS packets are processed, leading to an unbounded copy of data into a fixed-size stack buffer. If exploited, this vulnerability can allow attackers to manipulate the stack, affecting the execution flow of the application. The vulnerability was resolved in versions 24.10.6 and 25.12.1, and users are advised to upgrade their systems to mitigate these risks.

Affected Version(s)

openwrt < 24.10.6 < 24.10.6

openwrt >= 25.12.0-rc1, < 25.12.1 < 25.12.0-rc1, 25.12.1

References

https://github.com/openwrt/openwrt/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/openwrt/openwrt/releases/tag/v24.10.6
x_refsource_MISC
https://github.com/openwrt/openwrt/releases/tag/v25.12.1
x_refsource_MISC

CVSS V4

Score:
9.5
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.