漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
CoreDNS DoH GET path missing size validation causes CPU and memory amplification
Vulnerability Description
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a bounded read via http.MaxBytesReader limited to 65536 bytes, the GET path has no equivalent size validation before expensive processing. A remote, unauthenticated attacker can repeatedly send oversized DoH GET requests to force high CPU usage, large transient memory allocations, and elevated garbage-collection pressure, leading to denial of service. This issue has been fixed in version 1.14.3.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
CoreDNS 资源管理错误漏洞
Vulnerability Description
CoreDNS是CoreDNS社区的一个 DNS 服务器。 CoreDNS 1.14.3之前版本存在资源管理错误漏洞,该漏洞源于DNS-over-HTTPS GET路径中未对过大的dns查询参数进行大小验证,可能导致远程攻击者造成高CPU使用率和内存压力。
CVSS Information
N/A
Vulnerability Type
N/A