CVE-2023-28452

Опубликовано: 18 сент. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.

Ссылки

https://coredns.io/
Product
https://gist.github.com/idealeer/e41c7fb3b661d4262d0b6f21e12168ba
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:*

Версия до 1.10.1 (включая)

EPSS

Процентиль: 12%

0.00042

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-290

Связанные уязвимости

CVE-2023-28452

CVSS3: 7.5

debian

больше 1 года назад

An issue was discovered in CoreDNS through 1.10.1. There is a vulnerab ...

GHSA-hfmw-7g3m-gj6q

CVSS3: 5.9

github

больше 1 года назад

CoreDNS vulnerable to TuDoor Attacks

openSUSE-SU-2024:0319-1

suse-cvrf

больше 1 года назад

Security update for coredns

EPSS

Процентиль: 12%

0.00042

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-290