Lucene search

[email protected]NVD:CVE-2023-28452

HistorySep 18, 2024 - 3:15 p.m.

CVE-2023-28452

2024-09-1815:15:13

[email protected]

web.nvd.nist.gov

coredns vulnerability

dns resolving

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.

Affected configurations

Nvd

Node

coredns.iocorednsRange≤1.10.1

VendorProductVersionCPE
coredns.iocoredns*cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
coredns.io	coredns	*	cpe:2.3:a:coredns.io:coredns::::::::

References

coredns.io/

gist.github.com/idealeer/e41c7fb3b661d4262d0b6f21e12168ba

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2023-28452

osv3 github1 cvelist1 cve1 vulnrichment1 nessus1