High severityNVD Advisory· Published Sep 18, 2024· Updated Mar 19, 2025
CVE-2023-28452
CVE-2023-28452
Description
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/coredns/corednsGo | < 1.11.0 | 1.11.0 |
Affected products
10- osv-coords9 versionspkg:apk/chainguard/juicefs-1.2pkg:apk/chainguard/juicefs-1.2-compatpkg:apk/chainguard/juicefs-1.3pkg:apk/chainguard/juicefs-1.3-compatpkg:apk/wolfi/juicefs-1.3pkg:apk/wolfi/juicefs-1.3-compatpkg:golang/github.com/coredns/corednspkg:rpm/opensuse/coredns&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/coredns&distro=SUSE%20Package%20Hub%2015%20SP6
< 1.2.4-r1+ 8 more
- (no CPE)range: < 1.2.4-r1
- (no CPE)range: < 1.2.4-r1
- (no CPE)range: < 1.3.0-r2
- (no CPE)range: < 1.3.0-r2
- (no CPE)range: < 1.3.0-r2
- (no CPE)range: < 1.3.0-r2
- (no CPE)range: < 1.11.0
- (no CPE)range: < 1.11.3-bp156.4.3.1
- (no CPE)range: < 1.11.3-bp156.4.3.1
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.