MaraDNS developer Sam Trenholme reports:
... a mistake in allocating an array of integers, allocating it
in bytes instead of sizeof(int) units. This resulted in a buffer
being too small, allowing it to be overwritten. The impact of this
programming error is that MaraDNS can be crashed by sending
MaraDNS a single "packet of death". Since the data placed in the
overwritten array cannot be remotely controlled (it is a list of
increasing integers), there is no way to increase privileges
exploiting this bug.