Description

An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.

INFO

Published Date :

2024-09-18T00:00:00.000Z

Last Modified :

2025-03-19T20:44:07.451Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2023-28452 vulnerability.

Vendors Products
Coredns.io
  • Coredns
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-28452.

URL Resource
https://coredns.io/ cve-icon cve-icon
https://gist.github.com/idealeer/e41c7fb3b661d4262d0b6f21e12168ba cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact