Younevsky

**Name of the Vulnerable Software and Affected Versions** CoreDNS versions prior to 1.14.2 **Description** CoreDNS is a DNS server that utilizes a chain of plugins. A flaw in the default plugin execution order allows bypassing of DNS access controls. Specifically, security plugins like acl are evaluated before the rewrite plugin, creating a Time-of-Check Time-of-Use (TOCTOU) condition. This allows unauthorized DNS access. **Recommendations** Update to version 1.14.2 or later.

**Name of the Vulnerable Software and Affected Versions** CoreDNS versions prior to 1.14.2 **Description** CoreDNS is a DNS server that utilizes chained plugins. A denial of service condition exists in the loop detection plugin due to a predictable pseudo-random number generator (PRNG) used for generating a secret query name. This, combined with a fatal error handler, can cause the DNS server to crash when receiving specially crafted DNS queries. **Recommendations** Update to version 1.14.2 or later.