Vulnerabilities > CVE-2023-28452 - Unspecified vulnerability in Coredns.Io Coredns

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

coredns-io

NVD

Published: 2024-09-18

Updated: 2024-09-26

Summary

An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.

Vulnerable Configurations

Part	Description	Count
Application	Coredns.Io Coredns.Io Coredns -	1

References

https://coredns.io/
https://gist.github.com/idealeer/e41c7fb3b661d4262d0b6f21e12168ba