#VU93499 Input validation error in CoreDNS - CVE-2024-0874

Cybersecurity Help s.r.o.

Published: 2024-06-28

Vulnerability identifier: #VU93499

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-0874

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
CoreDNS
Server applications / DNS servers

Vendor: CoreDNS

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect implementation of cashing. A remote attacker can force the DNS server to return invalid cache entries and perform spoofing attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

CoreDNS: 1.0.0 - 1.11.1

External links
https://access.redhat.com/security/cve/CVE-2024-0874
https://bugzilla.redhat.com/show_bug.cgi?id=2219234
https://github.com/coredns/coredns/issues/6186
https://github.com/coredns/coredns/pull/6354
https://access.redhat.com/errata/RHSA-2024:0041

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Cloud Pak for AIOps

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.14

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.16

Spoofing attack in CoreDNS