CVE-2025-58063
Description
CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a DoS condition for DNS resolution of affected services. The TTL() function in plugin/etcd/etcd.go incorrectly casts etcd lease IDs (64-bit integers) to uint32 and uses them as TTL values. Large lease IDs become very large TTLs when cast to uint32. This enables cache pinning attacks. Version 1.12.4 contains a fix for the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/coredns/corednsGo | >= 1.2.0, < 1.12.4 | 1.12.4 |
Affected products
102- osv-coords101 versionspkg:apk/chainguard/cloudflaredpkg:apk/chainguard/eks-distro-1.29pkg:apk/chainguard/eks-distro-1.30pkg:apk/chainguard/eks-distro-1.31pkg:apk/chainguard/eks-distro-1.32pkg:apk/chainguard/eks-distro-1.33pkg:apk/chainguard/eks-distro-1.34pkg:apk/chainguard/eks-distro-coredns-1.29pkg:apk/chainguard/eks-distro-coredns-1.30pkg:apk/chainguard/eks-distro-coredns-1.31pkg:apk/chainguard/eks-distro-coredns-1.32pkg:apk/chainguard/eks-distro-coredns-1.33pkg:apk/chainguard/eks-distro-coredns-1.34pkg:apk/chainguard/eks-distro-coredns-fips-1.29pkg:apk/chainguard/eks-distro-coredns-fips-1.30pkg:apk/chainguard/eks-distro-coredns-fips-1.31pkg:apk/chainguard/eks-distro-coredns-fips-1.32pkg:apk/chainguard/eks-distro-coredns-fips-1.33pkg:apk/chainguard/eks-distro-coredns-fips-1.34pkg:apk/chainguard/eks-distro-fips-1.29pkg:apk/chainguard/eks-distro-fips-1.30pkg:apk/chainguard/eks-distro-fips-1.31pkg:apk/chainguard/eks-distro-fips-1.32pkg:apk/chainguard/eks-distro-fips-1.33pkg:apk/chainguard/eks-distro-fips-1.34pkg:apk/chainguard/eks-distro-kube-apiserver-1.29pkg:apk/chainguard/eks-distro-kube-apiserver-1.30pkg:apk/chainguard/eks-distro-kube-apiserver-1.31pkg:apk/chainguard/eks-distro-kube-apiserver-1.32pkg:apk/chainguard/eks-distro-kube-apiserver-1.33pkg:apk/chainguard/eks-distro-kube-apiserver-1.34pkg:apk/chainguard/eks-distro-kube-apiserver-fips-1.29pkg:apk/chainguard/eks-distro-kube-apiserver-fips-1.30pkg:apk/chainguard/eks-distro-kube-apiserver-fips-1.31pkg:apk/chainguard/eks-distro-kube-apiserver-fips-1.32pkg:apk/chainguard/eks-distro-kube-apiserver-fips-1.33pkg:apk/chainguard/eks-distro-kube-apiserver-fips-1.34pkg:apk/chainguard/eks-distro-kube-controller-manager-1.29pkg:apk/chainguard/eks-distro-kube-controller-manager-1.30pkg:apk/chainguard/eks-distro-kube-controller-manager-1.31pkg:apk/chainguard/eks-distro-kube-controller-manager-1.32pkg:apk/chainguard/eks-distro-kube-controller-manager-1.33pkg:apk/chainguard/eks-distro-kube-controller-manager-1.34pkg:apk/chainguard/eks-distro-kube-controller-manager-fips-1.29pkg:apk/chainguard/eks-distro-kube-controller-manager-fips-1.30pkg:apk/chainguard/eks-distro-kube-controller-manager-fips-1.31pkg:apk/chainguard/eks-distro-kube-controller-manager-fips-1.32pkg:apk/chainguard/eks-distro-kube-controller-manager-fips-1.33pkg:apk/chainguard/eks-distro-kube-controller-manager-fips-1.34pkg:apk/chainguard/eks-distro-kube-proxy-1.29pkg:apk/chainguard/eks-distro-kube-proxy-1.30pkg:apk/chainguard/eks-distro-kube-proxy-1.31pkg:apk/chainguard/eks-distro-kube-proxy-1.32pkg:apk/chainguard/eks-distro-kube-proxy-1.33pkg:apk/chainguard/eks-distro-kube-proxy-1.34pkg:apk/chainguard/eks-distro-kube-proxy-fips-1.29pkg:apk/chainguard/eks-distro-kube-proxy-fips-1.30pkg:apk/chainguard/eks-distro-kube-proxy-fips-1.31pkg:apk/chainguard/eks-distro-kube-proxy-fips-1.32pkg:apk/chainguard/eks-distro-kube-proxy-fips-1.33pkg:apk/chainguard/eks-distro-kube-proxy-fips-1.34pkg:apk/chainguard/eks-distro-kubernetes-pause-1.29pkg:apk/chainguard/eks-distro-kubernetes-pause-1.30pkg:apk/chainguard/eks-distro-kubernetes-pause-1.31pkg:apk/chainguard/eks-distro-kubernetes-pause-1.32pkg:apk/chainguard/eks-distro-kubernetes-pause-1.33pkg:apk/chainguard/eks-distro-kubernetes-pause-1.34pkg:apk/chainguard/eks-distro-kube-scheduler-1.29pkg:apk/chainguard/eks-distro-kube-scheduler-1.30pkg:apk/chainguard/eks-distro-kube-scheduler-1.31pkg:apk/chainguard/eks-distro-kube-scheduler-1.32pkg:apk/chainguard/eks-distro-kube-scheduler-1.33pkg:apk/chainguard/eks-distro-kube-scheduler-1.34pkg:apk/chainguard/eks-distro-kube-scheduler-fips-1.29pkg:apk/chainguard/eks-distro-kube-scheduler-fips-1.30pkg:apk/chainguard/eks-distro-kube-scheduler-fips-1.31pkg:apk/chainguard/eks-distro-kube-scheduler-fips-1.32pkg:apk/chainguard/eks-distro-kube-scheduler-fips-1.33pkg:apk/chainguard/eks-distro-kube-scheduler-fips-1.34pkg:apk/chainguard/juicefs-1.2pkg:apk/chainguard/juicefs-1.2-compatpkg:apk/chainguard/juicefs-1.3pkg:apk/chainguard/juicefs-1.3-compatpkg:apk/chainguard/k8s_gatewaypkg:apk/chainguard/k8s_gateway-compatpkg:apk/chainguard/k8s_gateway-fipspkg:apk/chainguard/k8s_gateway-fips-compatpkg:apk/chainguard/kubernetes-dns-node-cachepkg:apk/chainguard/kubernetes-dns-node-cache-fipspkg:apk/wolfi/cloudflaredpkg:apk/wolfi/juicefs-1.3pkg:apk/wolfi/juicefs-1.3-compatpkg:apk/wolfi/k8s_gatewaypkg:apk/wolfi/k8s_gateway-compatpkg:apk/wolfi/kubernetes-dns-node-cachepkg:golang/github.com/coredns/corednspkg:rpm/opensuse/coredns&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/coredns&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
< 2026.2.0-r0+ 100 more
- (no CPE)range: < 2026.2.0-r0
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.33.18-r1
- (no CPE)range: < 1.34.9-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.33.18-r1
- (no CPE)range: < 1.34.9-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.33.18-r1
- (no CPE)range: < 1.34.9-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.33.18-r1
- (no CPE)range: < 1.34.9-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.33.18-r1
- (no CPE)range: < 1.34.9-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.33.18-r1
- (no CPE)range: < 1.34.9-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.33.18-r1
- (no CPE)range: < 1.34.9-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r0
- (no CPE)range: < 1.33.18-r1
- (no CPE)range: < 1.34.9-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.33.18-r0
- (no CPE)range: < 1.34.9-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r0
- (no CPE)range: < 1.33.18-r1
- (no CPE)range: < 1.34.9-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r0
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.33.18-r1
- (no CPE)range: < 1.34.9-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.33.18-r0
- (no CPE)range: < 1.34.9-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.33.18-r1
- (no CPE)range: < 1.34.9-r1
- (no CPE)range: < 1.2.4-r4
- (no CPE)range: < 1.2.4-r4
- (no CPE)range: < 1.3.0-r5
- (no CPE)range: < 1.3.0-r5
- (no CPE)range: < 1.6.1-r0
- (no CPE)range: < 1.6.0-r3
- (no CPE)range: < 1.6.1-r0
- (no CPE)range: < 1.6.1-r0
- (no CPE)range: < 1.26.5-r1
- (no CPE)range: < 1.26.5-r1
- (no CPE)range: < 2026.2.0-r0
- (no CPE)range: < 1.3.0-r5
- (no CPE)range: < 1.3.0-r5
- (no CPE)range: < 1.6.1-r0
- (no CPE)range: < 1.6.0-r3
- (no CPE)range: < 1.26.5-r1
- (no CPE)range: >= 1.2.0, < 1.12.4
- (no CPE)range: < 1.14.0-bp160.1.1
- (no CPE)range: < 1.12.4-2.1
- (no CPE)range: < 0.0.20250918T182144-150000.1.107.1
- (no CPE)range: < 0.0.20250917T170349-1.1
- (no CPE)range: < 0.0.20250918T182144-150000.1.107.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.