PT-2024-12235 · Coredns · Coredns

Xiang Li

Published

2024-09-18

Updated

2025-07-10

CVE-2023-30464

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions CoreDNS versions 1.10.1 and earlier

Description The issue allows attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack, enabling them to manipulate DNS responses.

Recommendations For CoreDNS versions 1.10.1 and earlier, update to a version later than 1.10.1 to resolve the issue.

Fix

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-290

Related Identifiers

CVE-2023-30464

ECHO-B3DC-A2A9-53CC

GHSA-H92Q-FGPP-QHRQ

GO-2024-3134

OPENSUSE-SU-2024:0319-1

Affected Products

Coredns

PT-2024-12235 · Coredns · Coredns

CVE-2023-30464

Weakness Enumeration

Related Identifiers

Affected Products

References · 20