CoreDNS may return invalid cache entries · CVE-2024-0874 · GitHub Advisory Database · GitHub

CoreDNS may return invalid cache entries

Moderate severity GitHub Reviewed Published Apr 25, 2024 to the GitHub Advisory Database • Updated May 5, 2024

Package

github.com/coredns/coredns (Go)

Affected versions

<= 1.11.1

Patched versions

1.11.2

Description

A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.

References

Published by the National Vulnerability Database

Apr 25, 2024

Published to the GitHub Advisory Database Apr 25, 2024

Reviewed Apr 25, 2024

Last updated May 5, 2024

Severity

Moderate

5.3

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N