
6 matches found

Veracode
added 2025/06/09 4:58 a.m. | 4 views

Denial Of Service (DoS)

github.com/coredns/coredns is vulnerable to Denial of Service (DoS). The vulnerability is due to lack of limits on concurrent QUIC streams and goroutines per connection, allowing an attacker to exhaust memory by opening many streams simultaneously...

CVSS 7.5 | AI score 6.2 | EPSS 0.00151
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2025/06/06 9:27 p.m. | 2 views

GHSA-CVX7-X8PJ-X2GW CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification

Summary: A Denial of Service (DoS) vulnerability was discovered in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticate...

CVSS 7.5 | AI score 7.3 | EPSS 0.00151
Exploits: 0 | References: 7
Github Security Blog
added 2025/06/06 9:27 p.m. | 16 views

CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification

Summary: A Denial of Service (DoS) vulnerability was discovered in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticate...

CVSS 7.5 | AI score 7.8 | EPSS 0.00151
Exploits: 0 | References: 7 | Affected Software: 1
NVD
added 2025/06/06 6:15 p.m. | 12 views

CVE-2025-47950

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

CVSS 7.5 | EPSS 0.00151
Exploits: 0 | References: 5
AlpineLinux
added 2025/06/06 6:15 p.m. | 3 views

CVE-2025-47950

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

CVSS 7.5 | AI score 7.3 | EPSS 0.00151
Exploits: 0 | References: 5
CVE
added 2025/06/06 5:32 p.m. | 176 views

CVE-2025-47950

CVE-2025-47950 affects CoreDNS DoQ, where the DoS occurred because the DoQ server spawned a new goroutine per incoming QUIC stream with no concurrency cap. The fixed patch (v1.12.2) adds explicit limits: max_streams per connection defaults to 256 and a server-wide bounded worker pool (worker_pool...

CVSS 7.5 | AI score 7.5 | EPSS 0.00151
Exploits: 0 | References: 5 | Affected Software: 1