Spoofing attack in CoreDNS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-0874 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
CoreDNS Server applications / DNS servers |
| Vendor | CoreDNS |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU93499
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0874
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect implementation of cashing. A remote attacker can force the DNS server to return invalid cache entries and perform spoofing attack.
Install updates from vendor's website.
Vulnerable software versionsCoreDNS: 1.0.0 - 1.11.1
External linkshttp://access.redhat.com/security/cve/CVE-2024-0874
http://bugzilla.redhat.com/show_bug.cgi?id=2219234
http://github.com/coredns/coredns/issues/6186
http://github.com/coredns/coredns/pull/6354
http://access.redhat.com/errata/RHSA-2024:0041
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
