Buffer overflow in Openwrt

CVE-2026-30871

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question function. The issue is triggered by PT…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (6.7th percentile) — read the EPSS interpretation.

Affected products

Openwrt — versions < 24.10.6, >= 25.12.0-rc1, < 25.12.1

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

References

https://github.com/openwrt/openwrt/security/advisories/GHSA-7c3j-f7w2-p8f6 (x_refsource_CONFIRM)
https://github.com/openwrt/openwrt/releases/tag/v24.10.6 (x_refsource_MISC)
https://github.com/openwrt/openwrt/releases/tag/v25.12.1 (x_refsource_MISC)