Azure Linux 3.0 Security Update: coredns (CVE-2024-53259)

🗓️ 17 Apr 2025 00:00:00Reported by TenableType

Coredns on Azure Linux 3.0 is vulnerable to CVE-2024-53259, affecting QUIC protocol connections.

Reporter	Title	Published	Views	Family All 84
BDU FSTEC	The vulnerability of the QUIC protocol implementation in the quic-go library, written in the Go programming language, arises from insufficient verification of data authenticity. This allows attackers to influence the accessibility of protected information.	5 Dec 202400:00	–	bdu_fstec
CBLMariner	CVE-2024-53259 affecting package coredns for versions less than 1.11.1-15	31 Mar 202521:13	–	cbl_mariner
CBLMariner	CVE-2024-53259 affecting package coredns for versions less than 1.11.4-1	16 Apr 202515:08	–	cbl_mariner
Chainguard	CVE-2024-53259 vulnerabilities	2 Dec 202417:15	–	cgr
Circl	CVE-2024-53259	2 Dec 202419:35	–	circl
CNNVD	quic-go 数据伪造问题漏洞	2 Dec 202400:00	–	cnnvd
CVE	CVE-2024-53259	2 Dec 202416:12	–	cve
Cvelist	CVE-2024-53259 quic-go affected by an ICMP Packet Too Large Injection Attack on Linux	2 Dec 202416:12	–	cvelist
Debian CVE	CVE-2024-53259	2 Dec 202416:12	–	debiancve
EUVD	EUVD-2024-3494	3 Oct 202520:07	–	euvd

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-53259
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(234533);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/15");

  script_cve_id("CVE-2024-53259");

  script_name(english:"Azure Linux 3.0 Security Update: coredns (CVE-2024-53259)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Azure Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore,
affected by a vulnerability as referenced in the CVE-2024-53259 advisory.

  - quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet
    Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a
    message too large error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU
    claimed in that ICMP packet. By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC),
    the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake,
    thereby circumventing any TCP fallback that might be implemented on the application layer (for example,
    many browsers fall back to HTTP over TCP if they're unable to establish a QUIC connection). The attacker
    needs to at least know the client's IP and port tuple to mount an attack. This vulnerability is fixed in
    0.48.2. (CVE-2024-53259)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2024-53259");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-53259");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/12/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/04/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:coredns");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:azure_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Azure Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AzureLinux/release", "Host/AzureLinux/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AzureLinux/release');
if (isnull(release) || 'Azure Linux' >!< release) audit(AUDIT_OS_NOT, 'Azure Linux');
var os_ver = pregmatch(pattern: "Azure Linux ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Azure Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Azure Linux 3.0', 'Azure Linux ' + os_ver);

if (!get_kb_item('Host/AzureLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Azure Linux', cpu);

var pkgs = [
    {'reference':'coredns-1.11.4-3.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'coredns-1.11.4-3.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Azure Linux ' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'coredns');
}

15 Sep 2025 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 3.16.5

EPSS0.00596

SSVC

coredns vulnerability azure linux quic protocol icmp packet attacker