Skip to content

CoreDNS Cache Poisoning via a birthday attack

Low severity GitHub Reviewed Published Sep 18, 2024 to the GitHub Advisory Database • Updated Sep 19, 2024

Package

gomod github.com/coredns/coredns (Go)

Affected versions

<= 1.10.1

Patched versions

None

Description

CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.

References

Published by the National Vulnerability Database Sep 18, 2024
Published to the GitHub Advisory Database Sep 18, 2024
Reviewed Sep 18, 2024
Last updated Sep 19, 2024

Severity

Low

EPSS score

0.043%
(10th percentile)

Weaknesses

CVE ID

CVE-2023-30464

GHSA ID

GHSA-h92q-fgpp-qhrq

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.