Coredns Security Vulnerabilities and Issues — Coredns CVE List

Lucene search

Coredns.ioCoredns

5 matches found

CVE•added 2025/06/06 6:15 p.m.•126 views

CVE-2025-47950

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number o...

7.5CVSS7.5AI score0.00113EPSS

CVE•added 2024/09/18 9:15 p.m.•100 views

CVE-2023-30464

CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.

7.5CVSS6.5AI score0.00038EPSS

CVE•added 2023/03/03 4:15 p.m.•92 views

CVE-2022-2835

A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc.

4.4CVSS4.4AI score0.00029EPSS

CVE•added 2023/03/03 4:15 p.m.•91 views

CVE-2022-2837

A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.

6.1CVSS6AI score0.00129EPSS

CVE•added 2024/09/18 3:15 p.m.•91 views

CVE-2023-28452

An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vu...

7.5CVSS6.8AI score0.00054EPSS