Suggestions search

Published

Filter by:

With package: coredns

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-26017

7.7 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

updated 1 month, 4 weeks ago by @mweinelt Activity log

Created suggestion 1 month, 4 weeks ago
@mweinelt accepted 1 month, 4 weeks ago
@mweinelt published on GitHub 1 month, 4 weeks ago

CoreDNS ACL Bypass

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.

References

https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr x_refsource_CONFIRM
https://github.com/coredns/coredns/releases/tag/v1.14.2 x_refsource_MISC

Affected products

coredns

==< 1.14.2

Matching in nixpkgs

pkgs.coredns

DNS server that runs middleware

nixos-unstable 1.14.1
- nixpkgs-unstable 1.14.1
- nixos-unstable-small 1.14.1
nixos-25.11 1.13.2
- nixos-25.11-small 1.13.2
- nixpkgs-25.11-darwin 1.13.2

Package maintainers

@rushmorem Rushmore Mushambi <rushmore@webenchanter.com>
@DeltaEvo Duarte David <deltaduartedavid@gmail.com>
@rtreffer Rene Treffer <treffer+nixos@measite.de>

Permalink CVE-2026-26018

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 1 month, 4 weeks ago by @mweinelt Activity log

Created suggestion 1 month, 4 weeks ago
@mweinelt accepted 1 month, 4 weeks ago
@mweinelt published on GitHub 1 month, 4 weeks ago

CoreDNS Loop Detection Denial of Service Vulnerability

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.

References

https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278 x_refsource_CONFIRM
https://github.com/coredns/coredns/releases/tag/v1.14.2 x_refsource_MISC

Affected products

coredns

==< 1.14.2

Matching in nixpkgs

pkgs.coredns

DNS server that runs middleware

nixos-unstable 1.14.1
- nixpkgs-unstable 1.14.1
- nixos-unstable-small 1.14.1
nixos-25.11 1.13.2
- nixos-25.11-small 1.13.2
- nixpkgs-25.11-darwin 1.13.2

Package maintainers

@rushmorem Rushmore Mushambi <rushmore@webenchanter.com>
@DeltaEvo Duarte David <deltaduartedavid@gmail.com>
@rtreffer Rene Treffer <treffer+nixos@measite.de>