4 matches found
CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service
...
CVE-2026-32934 CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC DoQ server can be driven into unbounded goroutine and memory growth by a remote client that opens many QUIC streams and sends only 1 byte per stream. When the worker pool is full, CoreDNS still spawns a...
CVE-2026-32934 CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC DoQ server can be driven into unbounded goroutine and memory growth by a remote client that opens many QUIC streams and sends only 1 byte per stream. When the worker pool is full, CoreDNS still spawns a...
Missing Release of Resource after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via resource exhaustion caused by improper cleanup of long-lived resources. Several components fail to correctly close or release gRPC connections, SPIFFE sources, and streaming...