Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/05 8:29 p.m.3 views

CVE-2026-35579

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...

8.2CVSS5.8AI score0.0051EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/28 10:54 p.m.8 views

CoreDNS has TSIG authentication bypass on gRPC and QUIC transports

Summary The gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication. For gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, tsigStatus remains nil and the tsig plugin...

9.8CVSS5.8AI score0.0051EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/28 10:54 p.m.10 views

GHSA-VP29-5652-4FW9 CoreDNS has TSIG authentication bypass on gRPC and QUIC transports

Summary The gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication. For gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, tsigStatus remains nil and the tsig plugin...

8.2CVSS5.9AI score0.0051EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/28 10:46 p.m.38 views

CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC

Summary CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG NOTAUTH, while the same invalid-TSIG request is accepted ove...

8.7CVSS5.5AI score0.00374EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder