Allocation of Resources Without Limits or Throttling

Overview github.com/coredns/coredns/core/dnsserver is a package that implements all the interfaces from Caddy, so that CoreDNS can be a servertype plugin. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the DNS-over-QUIC DoQ server...

CVE-2025-47950

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service DoS vulnerability exists in the CoreDNS DNS-over-QUIC DoQ server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

AZL-63695 CVE-2025-47950 affecting package coredns for versions less than 1.11.1-19

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service DoS vulnerability exists in the CoreDNS DNS-over-QUIC DoQ server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

PT-2024-3971 · Nginx +1 · Nginx Oss +3

Name of the Vulnerable Software and Affected Versions: NGINX Plus affected versions not specified NGINX OSS affected versions not specified Description: The issue is related to the use of memory after it has been freed in the HTTP/3 QUIC module ngx http v3 module of NGINX Plus and NGINX OSS. This...